ID

VAR-200705-0481


CVE

CVE-2007-2464


TITLE

Cisco ASA clientless SSL VPN denial of service vulnerability

Trust: 0.8

sources: CERT/CC: VU#337508

DESCRIPTION

Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. This vulnerability is documented as bug CSCsi16248.

1) An unspecified error exists when using the LDAP authentication mechanism, which can be exploited to bypass the authentication and gain access to the device or the network. Successful exploitation requires that the device uses the Layer 2 Tunneling Protocol (L2TP) and is configured to use LDAP servers with a protocol other than PAP for authentication, or that the device offers remote management access (telnet, SSH, HTTP) and uses an LDAP AAA server for authentication.

2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS. Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password.

Successful exploitation requires that clientless SSL is used.

4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device. Successful exploitation requires that devices are configured to use the DHCP relay agent.

SOLUTION: Apply updated software versions. Please see vendor advisories for details.

PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.

ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml
http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html
http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html
US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057

OTHER REFERENCES:
US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876

Trust: 4.23

sources: NVD: CVE-2007-2464 // CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // JVNDB: JVNDB-2007-000337 // BID: 23768 // VULHUB: VHN-25826 // PACKETSTORM: 56436

AFFECTED PRODUCTS

vendor: cisco | model: - | scope: - | version: -

Trust: 3.2

vendor: cisco | model: pix | scope: eq | version: 7.1

Trust: 1.6

vendor: cisco | model: adaptive security appliance software | scope: eq | version: 7.1

Trust: 1.6

vendor: cisco | model: pix | scope: lte | version: 7.2

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lte | version: 7.2.2

Trust: 1.0

vendor: cisco | model: pix/asa | scope: eq | version: 7.1

Trust: 0.8

vendor: cisco | model: pix/asa | scope: eq | version: 7.2

Trust: 0.8

vendor: cisco | model: adaptive security appliance software | scope: eq | version: 7.2.2

Trust: 0.6

vendor: cisco | model: pix | scope: eq | version: 7.2

Trust: 0.6

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.2

Trust: 0.6

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.1

Trust: 0.6

vendor: cisco | model: pix/asa | scope: eq | version: 7.2.2

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2.(2.7)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2.(2.16)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(2.15)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(2.14)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(2.10)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.2(1)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.1.(2.48)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.1(2.5)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: eq | version: 7.1(2)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.2.(2.8)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.2.(2.19)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.2.(2.17)

Trust: 0.3

vendor: cisco | model: pix/asa | scope: ne | version: 7.1.(2.49)

Trust: 0.3

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // BID: 23768 // JVNDB: JVNDB-2007-000337 // CNNVD: CNNVD-200705-031 // NVD: CVE-2007-2464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2464
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#337508
value: 0.70

Trust: 0.8

CARNEGIE MELLON: VU#210876
value: 2.43

Trust: 0.8

CARNEGIE MELLON: VU#530057
value: 0.64

Trust: 0.8

NVD: CVE-2007-2464
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-031
value: HIGH

Trust: 0.6

VULHUB: VHN-25826
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2464
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25826
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25826 // JVNDB: JVNDB-2007-000337 // CNNVD: CNNVD-200705-031 // NVD: CVE-2007-2464

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-031

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200705-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000337

PATCH

title: cisco-sa-20070502-asa | url: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000337

EXTERNAL IDS

db: CERT/CC | id: VU#337508

Trust: 3.6

db: BID | id: 23768

Trust: 2.8

db: NVD | id: CVE-2007-2464

Trust: 2.8

db: SECUNIA | id: 25109

Trust: 2.7

db: VUPEN | id: ADV-2007-1636

Trust: 1.7

db: OSVDB | id: 35333

Trust: 1.7

db: XF | id: 34023

Trust: 1.4

db: CERT/CC | id: VU#210876

Trust: 1.2

db: CERT/CC | id: VU#530057

Trust: 0.9

db: OSVDB | id: 35331

Trust: 0.8

db: JVNDB | id: JVNDB-2007-000337

Trust: 0.8

db: CISCO | id: 20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES

Trust: 0.6

db: CNNVD | id: CNNVD-200705-031

Trust: 0.6

db: VULHUB | id: VHN-25826

Trust: 0.1

db: PACKETSTORM | id: 56436

Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25826 // BID: 23768 // JVNDB: JVNDB-2007-000337 // PACKETSTORM: 56436 // CNNVD: CNNVD-200705-031 // NVD: CVE-2007-2464

REFERENCES

url:http://www.kb.cert.org/vuls/id/337508

Trust: 2.8

url:http://www.securityfocus.com/bid/23768

Trust: 2.5

url:http://www.cisco.com/en/us/products/ps6120/index.html

Trust: 2.4

url:http://en.wikipedia.org/wiki/intrusion-prevention_system

Trust: 2.4

url:http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Trust: 2.0

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml

Trust: 1.7

url:http://www.osvdb.org/35333

Trust: 1.7

url:http://secunia.com/advisories/25109

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/1636

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/34023

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/1636

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34023

Trust: 1.1

url:http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml

Trust: 0.9

url:http://secunia.com/advisories/25109/

Trust: 0.9

url:http://www.cisco.com/warp/public/110/webvpnasa.pdf

Trust: 0.8

url:http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml

Trust: 0.8

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details

Trust: 0.8

url:http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248

Trust: 0.8

url:http://www.osvdb.org/35331

Trust: 0.8

url:http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2464

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2464

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/210876

Trust: 0.4

url:http://www.cisco.com/

Trust: 0.3

url:/archive/1/467385

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/530057

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/product/6102/

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html

Trust: 0.1

url:http://secunia.com/product/6115/

Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25826 // BID: 23768 // JVNDB: JVNDB-2007-000337 // PACKETSTORM: 56436 // CNNVD: CNNVD-200705-031 // NVD: CVE-2007-2464

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200705-031

SOURCES

db: CERT/CC | id: VU#337508
db: CERT/CC | id: VU#210876
db: CERT/CC | id: VU#530057
db: VULHUB | id: VHN-25826
db: BID | id: 23768
db: JVNDB | id: JVNDB-2007-000337
db: PACKETSTORM | id: 56436
db: CNNVD | id: CNNVD-200705-031
db: NVD | id: CVE-2007-2464

LAST UPDATE DATE

2024-11-23T22:43:22.964000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#337508 | date: 2007-05-04T00:00:00
db: CERT/CC | id: VU#210876 | date: 2007-06-15T00:00:00
db: CERT/CC | id: VU#530057 | date: 2007-05-03T00:00:00
db: VULHUB | id: VHN-25826 | date: 2018-10-30T00:00:00
db: BID | id: 23768 | date: 2016-07-06T14:39:00
db: JVNDB | id: JVNDB-2007-000337 | date: 2007-05-24T00:00:00
db: CNNVD | id: CNNVD-200705-031 | date: 2007-05-03T00:00:00
db: NVD | id: CVE-2007-2464 | date: 2024-11-21T00:30:51.300

SOURCES RELEASE DATE

db: CERT/CC | id: VU#337508 | date: 2007-05-03T00:00:00
db: CERT/CC | id: VU#210876 | date: 2007-05-02T00:00:00
db: CERT/CC | id: VU#530057 | date: 2007-05-02T00:00:00
db: VULHUB | id: VHN-25826 | date: 2007-05-02T00:00:00
db: BID | id: 23768 | date: 2007-05-02T00:00:00
db: JVNDB | id: JVNDB-2007-000337 | date: 2007-05-24T00:00:00
db: PACKETSTORM | id: 56436 | date: 2007-05-04T05:48:13
db: CNNVD | id: CNNVD-200705-031 | date: 2007-05-02T00:00:00
db: NVD | id: CVE-2007-2464 | date: 2007-05-02T22:19:00