Details of VAR-201704-1346

ID

VAR-201704-1346

CVE

CVE-2017-6609

TITLE

Cisco ASA Software IPsec Resource management vulnerability in code

Trust: 0.8

sources: JVNDB: JVNDB-2017-003371

DESCRIPTION

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.8) 9.2(4.15) 9.4(4) 9.5(3.2) 9.6(2). Cisco Bug IDs: CSCun16158. Vendors have confirmed this vulnerability Bug ID CSCun16158 It is released as.Service operation interruption (DoS) An attack may be carried out. Causes the affected device to reload. are all products of Cisco (Cisco). The platform provides features such as highly secure access to data and network resources

Trust: 2.52

sources: NVD: CVE-2017-6609 // JVNDB: JVNDB-2017-003371 // CNVD: CNVD-2017-05778 // BID: 97936 // VULHUB: VHN-114812

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05778

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.29	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.6	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.7	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.20	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.6	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.50\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.243\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.42	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(7\)7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.104\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.37	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(3.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.24	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.100\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.0.115	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.21	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(7\)6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.105\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.35	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(7\)4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6(1.5)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.5(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.4(4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.2(4.11)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.1(7.7)	Trust: 0.3

sources: CNVD: CNVD-2017-05778 // BID: 97936 // JVNDB: JVNDB-2017-003371 // CNNVD: CNNVD-201704-1062 // NVD: CVE-2017-6609

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6609
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6609
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-05778
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-1062
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114812
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6609
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-05778
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114812
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6609
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-05778 // VULHUB: VHN-114812 // JVNDB: JVNDB-2017-003371 // CNNVD: CNNVD-201704-1062 // NVD: CVE-2017-6609

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-114812 // JVNDB: JVNDB-2017-003371 // NVD: CVE-2017-6609

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1062

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-1062

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003371

PATCH

title:	cisco-sa-20170419-asa-ipsec	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec	Trust: 0.8
title:	Patch for Cisco ASA Software Ipsec Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/93043	Trust: 0.6
title:	Cisco ASA Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70266	Trust: 0.6

sources: CNVD: CNVD-2017-05778 // JVNDB: JVNDB-2017-003371 // CNNVD: CNNVD-201704-1062

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6609	Trust: 3.4
db:	BID	id:	97936	Trust: 2.6
db:	SECTRACK	id:	1038316	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-003371	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1062	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05778	Trust: 0.6
db:	VULHUB	id:	VHN-114812	Trust: 0.1

sources: CNVD: CNVD-2017-05778 // VULHUB: VHN-114812 // BID: 97936 // JVNDB: JVNDB-2017-003371 // CNNVD: CNNVD-201704-1062 // NVD: CVE-2017-6609

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-asa-ipsec	Trust: 2.6
url:	http://www.securityfocus.com/bid/97936	Trust: 2.3
url:	http://www.securitytracker.com/id/1038316	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6609	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6609	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-05778 // VULHUB: VHN-114812 // BID: 97936 // JVNDB: JVNDB-2017-003371 // CNNVD: CNNVD-201704-1062 // NVD: CVE-2017-6609

CREDITS

Cisco.

Trust: 0.3

sources: BID: 97936

SOURCES

db:	CNVD	id:	CNVD-2017-05778
db:	VULHUB	id:	VHN-114812
db:	BID	id:	97936
db:	JVNDB	id:	JVNDB-2017-003371
db:	CNNVD	id:	CNNVD-201704-1062
db:	NVD	id:	CVE-2017-6609

LAST UPDATE DATE

2024-11-23T22:52:31.161000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05778	date:	2017-05-02T00:00:00
db:	VULHUB	id:	VHN-114812	date:	2019-10-03T00:00:00
db:	BID	id:	97936	date:	2017-05-02T03:07:00
db:	JVNDB	id:	JVNDB-2017-003371	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1062	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6609	date:	2024-11-21T03:30:06.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05778	date:	2017-05-02T00:00:00
db:	VULHUB	id:	VHN-114812	date:	2017-04-20T00:00:00
db:	BID	id:	97936	date:	2017-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-003371	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1062	date:	2017-04-20T00:00:00
db:	NVD	id:	CVE-2017-6609	date:	2017-04-20T22:59:00.573