CERT-FI Advisory on Cisco ASA TLS
| Target | servers and server applications |
| Access Vector | remote; no user interaction required; no authentication required |
| Impact | denial of service |
| Remediation | fix provided by vendor |
Details
Eight vulnerabilities have been found in Cisco ASA 5500 Series Adaptive Security Appliances. Three vulnerabilities (CVE-2010-1578, CVE-2010-1579, and CVE-2010-1580) are related to the handling of SunRPC (Remote Procedure Call) packets in transit through the device. Three vulnerabilities (CVE-2010-1581, CVE-2010-2814, and CVE-2010-2815) are due to the handling of crafted TLS (Transport Layer Security) packets. One vulnerability (CVE-2010-2816) is related to the SIP (Session Initiation Protocol) traffic inspection features, and one vulnerability (CVE-2010-2817) exists in the IKE (Internet Key Exchange) service. Exploiting these vulnerabilities can result in a denial of service condition on the device. Unauthenticated attackers can exploit the vulnerabilities.
CERT-FI coordinated the remediation efforts related to CVE-2010-1581.
Vulnerability Coordination Information and Acknowledgements
The vulnerability (CVE-2010-1581) was found using the Codenomicon D3 TLS Server test suite. CERT-FI would like to thank the reporter and Cisco Systems Inc for co-operation in the remediation efforts.
Vendor Information
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco PIX 500 Series Security Appliances
See the Cisco advisory for version information.
Note that no patches will be made available for the Cisco PIX 500 Series Security Appliances, as it reached End of Software Maintenance Releases on July 28, 2009.
Remediation
Patch the vulnerable software components according to the guidance published by the vendor.
The vulnerability can be mitigated by disabling affected services (SSL VPN, TLS Proxy for Encrypted Voice Inspection, Cut-Through Proxy for Network Access), or by filtering access to the ASDM (Cisco Adaptive Security Device Manager) service.
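As an added example (not part of the CERT-FI advisory or Cisco's guidance), the following script checks a saved running-config for the services named in the mitigation above. The command forms it matches (`webvpn` / `enable <interface>`, `tls-proxy <name>`, `aaa authentication listener https`, `aaa authentication secure-http-client`, `http server enable`, `http <address> <mask> <interface>`) are assumptions about ASA configuration syntax that this page does not state, and the sample config is constructed; confirm the exact forms against the Cisco advisory.

```python
import re

# Constructed sample running-config (not taken from the advisory or a real device).
SAMPLE_CONFIG = """\
hostname asa-lab
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.0.2.0 255.255.255.0 management
aaa authentication listener https inside port 1443
tls-proxy voice-proxy
 server trust-point ccm-proxy
group-policy staff attributes
 vpn-tunnel-protocol svc webvpn
webvpn
 enable outside
 svc enable
"""

IP = r"\d+\.\d+\.\d+\.\d+"

def audit_asa_config(text):
    """Report which services named in the mitigation are enabled in a config."""
    found = {"ssl_vpn": [], "tls_proxy": [], "cut_through_proxy": [],
             "asdm_enabled": False, "asdm_any_source": []}
    section = None  # current top-level command; its subcommands are indented
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank line or "!" separator
        if not line.startswith(" "):
            section = line
            if re.fullmatch(r"http server enable( \d+)?", line):
                found["asdm_enabled"] = True
            elif m := re.fullmatch(rf"http ({IP}) ({IP}) (\S+)", line):
                if m.group(2) == "0.0.0.0":  # any source may reach ASDM here
                    found["asdm_any_source"].append(m.group(3))
            elif m := re.fullmatch(r"tls-proxy (\S+)", line):
                found["tls_proxy"].append(m.group(1))
            elif re.match(r"aaa authentication (secure-http-client|listener https)\b", line):
                found["cut_through_proxy"].append(line)
        elif section == "webvpn":
            # "enable <interface>" directly under global webvpn turns on SSL VPN
            if m := re.fullmatch(r" enable (\S+)", line):
                found["ssl_vpn"].append(m.group(1))
    return found

if __name__ == "__main__":
    for service, value in audit_asa_config(SAMPLE_CONFIG).items():
        print(f"{service}: {value}")
```

An empty result for every key means none of the matched command forms is present; it does not confirm that the device runs a fixed software version.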
References
Contact Information
CERT-FI Vulnerability Coordination can be contacted as follows:
Email: vulncoord@ficora.fi
Please quote the advisory reference [FICORA #364194] in the subject line
Telephone: +358 9 6966 510
Monday - Friday 08:00 - 16:15 (EET: UTC+2)
Fax: +358 9 6966 515
Post:
Vulnerability Coordination
FICORA/CERT-FI
P.O. Box 313
FI-00181 Helsinki
FINLAND
CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.cert.fi/en/activities/contact/pgp-keys.html
The CERT-FI vulnerability coordination policy can be viewed at https://www.cert.fi/en/activities/Vulncoord/vulncoord-policy.html.
Revision History
6 Aug 2010, 13:05 UTC: Published
15 Nov 2010, 08:13 UTC: Added JVNDB references
Page updated 15.11.2010