Details of VAR-200705-0566

ID

VAR-200705-0566

CVE

CVE-2007-2462

TITLE

Cisco ASA clientless SSL VPN denial of service vulnerability

Trust: 0.8

sources: CERT/CC: VU#337508

DESCRIPTION

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems information LDAP With authentication PAP (Password Authentication Protocol) There is no effect if is set to use.To a third party LDAP Authentication can be bypassed and unauthorized access to the appliance and internal resources can occur. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. Access to the management session must be explicitly enabled in the device configuration and restricted to defined IP addresses only. This vulnerability is documented in Cisco Bug ID as CSCsh42793. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. 2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS. Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password. 3) A race condition within the processing of non-standard SSL sessions in the SSL VPN server of Cisco ASA appliances can be exploited to cause the device to reload. Successful exploitation requires that clientless SSL is used. 4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device. Successful exploitation requires that devices are configured to use the DHCP relay agent. SOLUTION: Apply updated software versions. Please see vendor advisories for details. PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057 OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.32

sources: NVD: CVE-2007-2462 // CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // JVNDB: JVNDB-2007-000335 // BID: 23768 // VULHUB: VHN-25824 // VULMON: CVE-2007-2462 // PACKETSTORM: 56436

AFFECTED PRODUCTS

vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 3.2
vendor:	cisco	model:	pix	scope:	eq	version:	7.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1	Trust: 1.6
vendor:	cisco	model:	pix	scope:	lte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.2	Trust: 0.6
vendor:	cisco	model:	pix	scope:	eq	version:	7.2	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	7.2	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	7.1	Trust: 0.6
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2.2	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2.(2.7)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2.(2.16)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2(2.15)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2(2.14)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2(2.10)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.2(1)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.1.(2.48)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.1(2.5)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.2.(2.8)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.2.(2.19)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.2.(2.17)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.1.(2.49)	Trust: 0.3

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // BID: 23768 // JVNDB: JVNDB-2007-000335 // CNNVD: CNNVD-200705-034 // NVD: CVE-2007-2462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2462
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#337508
value:	0.70
Trust: 0.8
CARNEGIE MELLON:	VU#210876
value:	2.43
Trust: 0.8
CARNEGIE MELLON:	VU#530057
value:	0.64
Trust: 0.8
NVD:	CVE-2007-2462
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200705-034
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-25824
value:	HIGH
Trust: 0.1
VULMON:	CVE-2007-2462
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-2462
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-25824
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25824 // VULMON: CVE-2007-2462 // JVNDB: JVNDB-2007-000335 // CNNVD: CNNVD-200705-034 // NVD: CVE-2007-2462

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-034

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200705-034

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000335

PATCH

title:

cisco-sa-20070502-asa

url:

http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000335

EXTERNAL IDS

db:	CERT/CC	id:	VU#210876	Trust: 3.8
db:	BID	id:	23768	Trust: 2.9
db:	NVD	id:	CVE-2007-2462	Trust: 2.9
db:	SECUNIA	id:	25109	Trust: 2.8
db:	OSVDB	id:	35331	Trust: 2.6
db:	SECTRACK	id:	1017994	Trust: 2.5
db:	SECTRACK	id:	1017995	Trust: 2.5
db:	VUPEN	id:	ADV-2007-1636	Trust: 1.7
db:	XF	id:	34020	Trust: 1.4
db:	CERT/CC	id:	VU#337508	Trust: 1.1
db:	CERT/CC	id:	VU#530057	Trust: 0.9
db:	JVNDB	id:	JVNDB-2007-000335	Trust: 0.8
db:	CISCO	id:	20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200705-034	Trust: 0.6
db:	VULHUB	id:	VHN-25824	Trust: 0.1
db:	VUPEN	id:	2007/1636	Trust: 0.1
db:	VULMON	id:	CVE-2007-2462	Trust: 0.1
db:	PACKETSTORM	id:	56436	Trust: 0.1

sources: CERT/CC: VU#337508 // CERT/CC: VU#210876 // CERT/CC: VU#530057 // VULHUB: VHN-25824 // VULMON: CVE-2007-2462 // BID: 23768 // JVNDB: JVNDB-2007-000335 // PACKETSTORM: 56436 // CNNVD: CNNVD-200705-034 // NVD: CVE-2007-2462

REFERENCES

url:	http://www.kb.cert.org/vuls/id/210876	Trust: 3.1
url:	http://www.osvdb.org/35331	Trust: 2.6
url:	http://www.securityfocus.com/bid/23768	Trust: 2.6
url:	http://www.securitytracker.com/id?1017994	Trust: 2.6
url:	http://www.securitytracker.com/id?1017995	Trust: 2.6
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 2.4
url:	http://en.wikipedia.org/wiki/intrusion-prevention_system	Trust: 2.4
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml	Trust: 2.0
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml	Trust: 1.8
url:	http://secunia.com/advisories/25109	Trust: 1.8
url:	http://www.frsirt.com/english/advisories/2007/1636	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/34020	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2007/1636	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/34020	Trust: 1.2
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml	Trust: 0.9
url:	http://secunia.com/advisories/25109/	Trust: 0.9
url:	http://www.cisco.com/warp/public/110/webvpnasa.pdf	Trust: 0.8
url:	http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml	Trust: 0.8
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details	Trust: 0.8
url:	http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248	Trust: 0.8
url:	http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2462	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2462	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/467385	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/337508	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/530057	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/product/6102/	Trust: 0.1
url:	http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html	Trust: 0.1
url:	http://secunia.com/product/6115/	Trust: 0.1

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200705-034

SOURCES

db:	CERT/CC	id:	VU#337508
db:	CERT/CC	id:	VU#210876
db:	CERT/CC	id:	VU#530057
db:	VULHUB	id:	VHN-25824
db:	VULMON	id:	CVE-2007-2462
db:	BID	id:	23768
db:	JVNDB	id:	JVNDB-2007-000335
db:	PACKETSTORM	id:	56436
db:	CNNVD	id:	CNNVD-200705-034
db:	NVD	id:	CVE-2007-2462

LAST UPDATE DATE

2024-11-23T22:43:22.824000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#337508	date:	2007-05-04T00:00:00
db:	CERT/CC	id:	VU#210876	date:	2007-06-15T00:00:00
db:	CERT/CC	id:	VU#530057	date:	2007-05-03T00:00:00
db:	VULHUB	id:	VHN-25824	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2007-2462	date:	2018-10-30T00:00:00
db:	BID	id:	23768	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-000335	date:	2007-05-24T00:00:00
db:	CNNVD	id:	CNNVD-200705-034	date:	2007-05-03T00:00:00
db:	NVD	id:	CVE-2007-2462	date:	2024-11-21T00:30:50.973

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#337508	date:	2007-05-03T00:00:00
db:	CERT/CC	id:	VU#210876	date:	2007-05-02T00:00:00
db:	CERT/CC	id:	VU#530057	date:	2007-05-02T00:00:00
db:	VULHUB	id:	VHN-25824	date:	2007-05-02T00:00:00
db:	VULMON	id:	CVE-2007-2462	date:	2007-05-02T00:00:00
db:	BID	id:	23768	date:	2007-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2007-000335	date:	2007-05-24T00:00:00
db:	PACKETSTORM	id:	56436	date:	2007-05-04T05:48:13
db:	CNNVD	id:	CNNVD-200705-034	date:	2007-05-02T00:00:00
db:	NVD	id:	CVE-2007-2462	date:	2007-05-02T22:19:00