ID

VAR-200705-0480


CVE

CVE-2007-2463


TITLE

Cisco ASA clientless SSL VPN denial of service vulnerability

Trust: 0.8

sources: CERT/CC: VU#337508

DESCRIPTION

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems, an attacker attempting to exploit this issue over an IPSec VPN must know the group name and group password. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. A successful attack can result in a device reload. This vulnerability is documented as software bug CSCsh81111.

----------------------------------------------------------------------

1) An unspecified error exists when using the LDAP authentication mechanism, which can be exploited to bypass the authentication and gain access to the device or the network. Successful exploitation requires that the device uses the Layer 2 Tunneling Protocol (L2TP) and is configured to use LDAP servers with another protocol other than PAP for authentication, or that the device offers remote management access (telnet, SSH, HTTP) and uses an LDAP AAA server for authentication.

2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS. Successful exploitation requires that the tunnel group is configured with password expiry.

3) A race condition within the processing of non-standard SSL sessions in the SSL VPN server of Cisco ASA appliances can be exploited to cause the device to reload. Successful exploitation requires that clientless SSL is used.

4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device. Successful exploitation requires that devices are configured to use the DHCP relay agent.

SOLUTION: Apply updated software versions. Please see vendor advisories for details.

PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.

ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml
http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html
http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html
US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057

OTHER REFERENCES:
US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876

Trust: 4.23

sources: NVD: CVE-2007-2463 // CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // JVNDB: JVNDB-2007-000336 // BID: 23768 // VULHUB: VHN-25825 // PACKETSTORM: 56436

AFFECTED PRODUCTS

vendor: cisco | model: - | scope: - | version: -

Trust: 3.2

vendor: cisco | model: pix | scope: eq | version: 7.1

Trust: 1.6

vendor: cisco | model: adaptive security appliance software | scope: eq | version: 7.1

Trust: 1.6

vendor: cisco | model: pix | scope: lte | version: 7.2

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lte | version: 7.2.2

Trust: 1.0

vendor: cisco | model: pix/asa | scope: eq | version: 7.1

Trust: 0.8

vendor: cisco | model: pix/asa | scope: eq | version: 7.2

Trust: 0.8

vendor: cisco | model: adaptive security appliance software | scope: eq | version: 7.2.2

Trust: 0.6

vendor: cisco | model: pix | scope: eq | version: 7.2

Trust: 0.6

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.2

Trust: 0.6

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.1

Trust: 0.6

vendor: cisco | model: pix/asa | scope: eq | version: 7.2.2

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2.(2.7)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2.(2.16)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(2.15)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(2.14)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(2.10)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(1)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.1.(2.48)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.1(2.5)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.1(2)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.2.(2.8)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.2.(2.19)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.2.(2.17)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.1.(2.49)

Trust: 0.3

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // BID: 23768 // JVNDB: JVNDB-2007-000336 // CNNVD: CNNVD-200705-024 // NVD: CVE-2007-2463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2463
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#337508
value: 0.70

Trust: 0.8

CARNEGIE MELLON: VU#210876
value: 2.43

Trust: 0.8

CARNEGIE MELLON: VU#530057
value: 0.64

Trust: 0.8

NVD: CVE-2007-2463
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-024
value: HIGH

Trust: 0.6

VULHUB: VHN-25825
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2463
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25825
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25825 // JVNDB: JVNDB-2007-000336 // CNNVD: CNNVD-200705-024 // NVD: CVE-2007-2463

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-2463

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-024

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200705-024

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000336

PATCH

title: cisco-sa-20070502-asa | url: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000336

EXTERNAL IDS

db: NVD | id: CVE-2007-2463

Trust: 2.8

db: BID | id: 23768

Trust: 2.8

db: SECUNIA | id: 25109

Trust: 2.7

db: OSVDB | id: 35332

Trust: 1.7

db: VUPEN | id: ADV-2007-1636

Trust: 1.7

db: CERT/CC | id: VU#210876

Trust: 1.2

db: CERT/CC | id: VU#337508

Trust: 1.1

db: CERT/CC | id: VU#530057

Trust: 0.9

db: OSVDB | id: 35331

Trust: 0.8

db: JVNDB | id: JVNDB-2007-000336

Trust: 0.8

db: XF | id: 34021

Trust: 0.6

db: CISCO | id: 20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES

Trust: 0.6

db: CNNVD | id: CNNVD-200705-024

Trust: 0.6

db: VULHUB | id: VHN-25825

Trust: 0.1

db: PACKETSTORM | id: 56436

Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25825 // BID: 23768 // JVNDB: JVNDB-2007-000336 // PACKETSTORM: 56436 // CNNVD: CNNVD-200705-024 // NVD: CVE-2007-2463

REFERENCES

url:http://www.securityfocus.com/bid/23768

Trust: 2.5

url:http://www.cisco.com/en/us/products/ps6120/index.html

Trust: 2.4

url:http://en.wikipedia.org/wiki/intrusion-prevention_system

Trust: 2.4

url:http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Trust: 2.0

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml

Trust: 1.7

url:http://www.osvdb.org/35332

Trust: 1.7

url:http://secunia.com/advisories/25109

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/1636

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/1636

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34021

Trust: 1.1

url:http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml

Trust: 0.9

url:http://secunia.com/advisories/25109/

Trust: 0.9

url:http://www.cisco.com/warp/public/110/webvpnasa.pdf

Trust: 0.8

url:http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml

Trust: 0.8

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details

Trust: 0.8

url:http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248

Trust: 0.8

url:http://www.osvdb.org/35331

Trust: 0.8

url:http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2463

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2463

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/34021

Trust: 0.6

url:http://www.kb.cert.org/vuls/id/210876

Trust: 0.4

url:http://www.cisco.com/

Trust: 0.3

url:/archive/1/467385

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/337508

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/530057

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/product/6102/

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html

Trust: 0.1

url:http://secunia.com/product/6115/

Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25825 // BID: 23768 // JVNDB: JVNDB-2007-000336 // PACKETSTORM: 56436 // CNNVD: CNNVD-200705-024 // NVD: CVE-2007-2463

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200705-024

SOURCES

db: CERT/CC | id: VU#337508
db: CERT/CC | id: VU#210876
db: CERT/CC | id: VU#530057
db: VULHUB | id: VHN-25825
db: BID | id: 23768
db: JVNDB | id: JVNDB-2007-000336
db: PACKETSTORM | id: 56436
db: CNNVD | id: CNNVD-200705-024
db: NVD | id: CVE-2007-2463

LAST UPDATE DATE

2024-11-23T22:43:22.917000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#337508 | date: 2007-05-04T00:00:00
db: CERT/CC | id: VU#210876 | date: 2007-06-15T00:00:00
db: CERT/CC | id: VU#530057 | date: 2007-05-03T00:00:00
db: VULHUB | id: VHN-25825 | date: 2018-10-30T00:00:00
db: BID | id: 23768 | date: 2016-07-06T14:39:00
db: JVNDB | id: JVNDB-2007-000336 | date: 2007-05-24T00:00:00
db: CNNVD | id: CNNVD-200705-024 | date: 2007-08-02T00:00:00
db: NVD | id: CVE-2007-2463 | date: 2024-11-21T00:30:51.130

SOURCES RELEASE DATE

db: CERT/CC | id: VU#337508 | date: 2007-05-03T00:00:00
db: CERT/CC | id: VU#210876 | date: 2007-05-02T00:00:00
db: CERT/CC | id: VU#530057 | date: 2007-05-02T00:00:00
db: VULHUB | id: VHN-25825 | date: 2007-05-02T00:00:00
db: BID | id: 23768 | date: 2007-05-02T00:00:00
db: JVNDB | id: JVNDB-2007-000336 | date: 2007-05-24T00:00:00
db: PACKETSTORM | id: 56436 | date: 2007-05-04T05:48:13
db: CNNVD | id: CNNVD-200705-024 | date: 2007-05-02T00:00:00
db: NVD | id: CVE-2007-2463 | date: 2007-05-02T22:19:00