ID

VAR-200702-0342


CVE

CVE-2007-0962


TITLE

Cisco PIX/ASA and FWSM Rogue HTTP Service disruption due to traffic (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-000142

DESCRIPTION

Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allow remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.

According to Cisco Systems, the advanced HTTP inspection function is disabled by default, and "inspect http" (HTTP inspection) has been reported to be unaffected. Processing an HTTP request crafted by a third party may put the device into a denial-of-service (DoS) state.

Cisco PIX and ASA are prone to a privilege-escalation vulnerability. Exploiting this issue allows authenticated attackers to gain administrative privileges on affected computers. This may facilitate the complete compromise of the affected device. This issue is tracked by Cisco Bug ID: CSCsh33287.

The Cisco PIX/ASA and Firewall Services Module (FWSM) provide firewall services with stateful packet filtering and deep packet inspection. Note that normal HTTP inspection (configured via inspect http, without HTTP mapping) is not affected by this vulnerability.

----------------------------------------------------------------------

TITLE: Cisco PIX and ASA Privilege Escalation and Denial of Service

SECUNIA ADVISORY ID: SA24160

VERIFY ADVISORY: http://secunia.com/advisories/24160/

CRITICAL: Moderately critical

IMPACT: Privilege escalation, DoS

WHERE: From remote

OPERATING SYSTEM:
Cisco PIX 7.x http://secunia.com/product/6102/
Cisco Adaptive Security Appliance (ASA) 7.x http://secunia.com/product/6115/

DESCRIPTION: Some vulnerabilities have been reported in Cisco PIX and ASA, which can be exploited by malicious users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

1) An unspecified error exists within the enhanced HTTP inspection feature. This can be exploited to crash the device via malformed HTTP requests, but requires that enhanced HTTP inspection is enabled.

2) An unspecified error exists within the SIP packet inspection. This can be exploited to crash the device by sending specially crafted SIP packets, but requires that "inspect" is enabled (it is disabled by default).

3) An unspecified error exists within the TCP-based protocol inspection. This can be exploited to crash the device via malformed packets, but requires that inspection of TCP-based protocols (e.g. FTP or HTTP) is enabled.

4) An unspecified error within the "LOCAL" authentication method can be exploited to gain escalated privileges. Successful exploitation allows gaining privilege level 15 and changing the complete configuration of the device, but requires that the attacker can authenticate to the device and that he is defined in the local database with privilege level 0.

SOLUTION: Apply updated versions. See the vendor advisory for a patch matrix.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml

----------------------------------------------------------------------

Successful exploitation requires that "SIP fixup" is enabled, which is the default setting.

2) A security issue when manipulating ACLs (Access Control Lists) that make use of object groups can corrupt ACLs, resulting in ACEs (Access Control Entries) being skipped or not evaluated in order, which can be exploited to bypass certain security restrictions. Note: Only an administrative user can change ACLs. Additionally, this does not affect devices which are reloaded after ACLs have been manipulated

Trust: 2.16

sources: NVD: CVE-2007-0962 // JVNDB: JVNDB-2007-000142 // BID: 22562 // VULHUB: VHN-24324 // PACKETSTORM: 54452 // PACKETSTORM: 54443

AFFECTED PRODUCTS

vendor: cisco, model: asa 5500, scope: eq, version: 7.1

Trust: 1.6

vendor: cisco, model: firewall services module, scope: eq, version: 2.3

Trust: 1.6

vendor: cisco, model: pix firewall software, scope: eq, version: 7.1

Trust: 1.6

vendor: cisco, model: firewall services module, scope: eq, version: 3.1

Trust: 1.6

vendor: cisco, model: asa 5500, scope: eq, version: 7.0

Trust: 1.6

vendor: cisco, model: pix firewall software, scope: eq, version: 7.0

Trust: 1.6

vendor: cisco, model: firewall services module, scope: eq, version: 3.x

Trust: 0.8

vendor: cisco, model: pix/asa, scope: eq, version: 7.0

Trust: 0.8

vendor: cisco, model: pix/asa, scope: eq, version: 7.1

Trust: 0.8

vendor: cisco, model: pix firewall, scope: eq, version: 7.1

Trust: 0.6

vendor: cisco, model: pix firewall, scope: eq, version: 7.0

Trust: 0.6

vendor: cisco, model: pix/asa, scope: eq, version: 7.2.2

Trust: 0.3

vendor: cisco, model: pix/asa, scope: ne, version: 7.2(2.10)

Trust: 0.3

sources: BID: 22562 // JVNDB: JVNDB-2007-000142 // CNNVD: CNNVD-200702-315 // NVD: CVE-2007-0962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0962
value: HIGH

Trust: 1.0

NVD: CVE-2007-0962
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200702-315
value: HIGH

Trust: 0.6

VULHUB: VHN-24324
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0962
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24324
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24324 // JVNDB: JVNDB-2007-000142 // CNNVD: CNNVD-200702-315 // NVD: CVE-2007-0962

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-315

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200702-315

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000142

PATCH

title: cisco-sa-20070214-pix, url: http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml

Trust: 0.8

title: cisco-sa-20070214-fwsm, url: http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000142

EXTERNAL IDS

db: NVD, id: CVE-2007-0962

Trust: 2.8

db: SECUNIA, id: 24160

Trust: 2.6

db: BID, id: 22561

Trust: 2.5

db: BID, id: 22562

Trust: 2.0

db: SECUNIA, id: 24180

Trust: 1.8

db: OSVDB, id: 33055

Trust: 1.7

db: SECTRACK, id: 1017652

Trust: 1.7

db: SECTRACK, id: 1017651

Trust: 1.7

db: VUPEN, id: ADV-2007-0608

Trust: 1.7

db: JVNDB, id: JVNDB-2007-000142

Trust: 0.8

db: CNNVD, id: CNNVD-200702-315

Trust: 0.7

db: CISCO, id: 20070214 MULTIPLE VULNERABILITIES IN FIREWALL SERVICES MODULE

Trust: 0.6

db: CISCO, id: 20070214 MULTIPLE VULNERABILITIES IN CISCO PIX AND ASA APPLIANCES

Trust: 0.6

db: XF, id: 32486

Trust: 0.6

db: VULHUB, id: VHN-24324

Trust: 0.1

db: PACKETSTORM, id: 54452

Trust: 0.1

db: PACKETSTORM, id: 54443

Trust: 0.1

sources: VULHUB: VHN-24324 // BID: 22562 // JVNDB: JVNDB-2007-000142 // PACKETSTORM: 54452 // PACKETSTORM: 54443 // CNNVD: CNNVD-200702-315 // NVD: CVE-2007-0962

REFERENCES

url:http://www.securityfocus.com/bid/22561

Trust: 2.5

url:http://www.securityfocus.com/bid/22562

Trust: 1.7

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00807e2484.shtml

Trust: 1.7

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00807e2481.shtml

Trust: 1.7

url:http://osvdb.org/33055

Trust: 1.7

url:http://securitytracker.com/id?1017651

Trust: 1.7

url:http://www.securitytracker.com/id?1017652

Trust: 1.7

url:http://secunia.com/advisories/24160

Trust: 1.7

url:http://secunia.com/advisories/24180

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/0608

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/0608

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32486

Trust: 1.1

url:http://secunia.com/advisories/24160/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0962

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0962

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/32486

Trust: 0.6

url:http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml

Trust: 0.4

url:http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/

Trust: 0.3

url:/archive/1/460079

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/software_inspector/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/product/6102/

Trust: 0.1

url:http://secunia.com/product/6115/

Trust: 0.1

url:http://secunia.com/product/5088/

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml

Trust: 0.1

url:http://secunia.com/advisories/24180/

Trust: 0.1

sources: VULHUB: VHN-24324 // BID: 22562 // JVNDB: JVNDB-2007-000142 // PACKETSTORM: 54452 // PACKETSTORM: 54443 // CNNVD: CNNVD-200702-315 // NVD: CVE-2007-0962

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200702-315

SOURCES

db: VULHUB, id: VHN-24324
db: BID, id: 22562
db: JVNDB, id: JVNDB-2007-000142
db: PACKETSTORM, id: 54452
db: PACKETSTORM, id: 54443
db: CNNVD, id: CNNVD-200702-315
db: NVD, id: CVE-2007-0962

LAST UPDATE DATE

2024-11-23T21:49:12.996000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-24324, date: 2018-10-30T00:00:00
db: BID, id: 22562, date: 2016-07-06T14:39:00
db: JVNDB, id: JVNDB-2007-000142, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200702-315, date: 2007-02-19T00:00:00
db: NVD, id: CVE-2007-0962, date: 2024-11-21T00:27:10.203

SOURCES RELEASE DATE

db: VULHUB, id: VHN-24324, date: 2007-02-16T00:00:00
db: BID, id: 22562, date: 2007-02-14T00:00:00
db: JVNDB, id: JVNDB-2007-000142, date: 2007-04-01T00:00:00
db: PACKETSTORM, id: 54452, date: 2007-02-16T06:49:41
db: PACKETSTORM, id: 54443, date: 2007-02-16T06:49:41
db: CNNVD, id: CNNVD-200702-315, date: 2007-02-15T00:00:00
db: NVD, id: CVE-2007-0962, date: 2007-02-16T00:28:00