nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Cisco patches security appliance bugs

ASA can be DoSsed by XML, VPN attacks

By Richard Chirgwin, 18 May 2016

It's Borg Bug Day, and this week Cisco's issued patches of interest to users of its Adaptive Security Appliances (ASAs).

The two newly-announced bugs are CVE-2016-1379, a VPN block memory exhaustion vulnerability; and CVE-2016-1385, a problem with the ASA XML parser.

The memory exhaustion vulnerability affects ASA software releases later than 9.0, and can be exploited remotely.

The software has a bug in how it handles ICMP errors in IPsec packets, and crafted packets sent either through LAN-to-LAN or remote access VPN tunnels can “deplete available memory”.

That results in a denial-of-service, either because the system becomes unstable or it stops forwarding traffic.

The software is vulnerable if the user's using IKEv1 or IKEv2 for LAN-to-LAN VPNs, or remote access VPNs using Layer 2 Tunnelling Protocol and Ipsec; and if the system is validating ICMP errors.

The XML parser vulnerability is less serious, because it can only be exploited by an authenticated user.

A local admin can crash the system by tricking the ASA into parsing a malicious XML file; while someone with Clientless SSL VPN access can send a crafted XML file over their connection.

In either case, because the XML parser isn't sufficiently hardened, the malicious file can force a system reload.

All ASA releases are affected, and Cisco has released patches. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing