
Security Alert – multiple holes in Cisco security products

Cisco released today, February 17th 2010, several security advisories covering multiple vulnerabilities in its security products: the ASA 5500, the PIX 500, the Firewall Services Module (FWSM) and the Cisco Security Agent (CSA).

Information about the vulnerabilities and the fixed software releases can be found here and here.

The full list of affected products includes the Cisco ASA 5500 Series security appliances, Cisco Security Agent releases 5.1, 5.2 and 6.0, the Cisco PIX 500 Series, and the Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 switches and Cisco 7600 routers.

According to the announcement, Cisco reported several vulnerabilities in the ASA:

  • TCP Connection Exhaustion Denial of Service Vulnerability
  • Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities
  • Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability
  • WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability
  • Crafted TCP Segment Denial of Service Vulnerability
  • Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
  • NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability

The PIX 500 is no longer supported and will not receive a fix, but administrators still running one should be aware that it is affected and plan accordingly.

The FWSM advisory states that the module may be forced to reload after processing a malicious Skinny Client Control Protocol (SCCP) message. The vulnerability is only present when SCCP inspection is enabled, and it is triggered only by transit traffic passing through the FWSM, not by traffic destined for the device itself.
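Before scheduling a maintenance window it helps to know which of the items above actually apply to a given box. The script below is an added example written for this post, not Cisco's code or anything taken from the advisories: it takes the version line from `show version` and a running-config and reports which advisory items have their prerequisite feature turned on. The sample config and version line are constructed, the affected trains are the ones the advisory excerpt quoted in the comments lists (7.1.x through 8.2.x), and the mapping from each vulnerability to a CLI keyword (`inspect skinny`, `inspect sip`, `webvpn` with `enable`, `crypto isakmp enable`, `aaa-server ... protocol nt`, `http server enable`, `ssh`, `telnet`) is my own assumption about which feature each item depends on. It only tells you whether you are exposed; whether your exact release already carries the fix has to be read off the fixed-software table in the advisory, which this post does not reproduce.

```python
import re

# Constructed sample input (not captured from a real device): the version line
# from "show version" and an abbreviated ASA 8.2 running-config that enables
# every feature the advisories tie a vulnerability to.
SAMPLE_VERSION = "Cisco Adaptive Security Appliance Software Version 8.2(1)"
SAMPLE_CONFIG = """\
hostname asa-edge
interface GigabitEthernet0/0
 nameif outside
 security-level 0
aaa-server NTDOMAIN protocol nt
aaa-server NTDOMAIN (inside) host 10.0.0.5
http server enable
http 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 inside
telnet 10.0.0.0 255.255.255.0 inside
crypto isakmp enable outside
webvpn
 enable outside
 dtls port 443
policy-map global_policy
 class inspection_default
  inspect sip
  inspect skinny
  inspect ftp
service-policy global_policy global
"""

# Software trains the advisory excerpt (quoted in the comments) names as affected.
AFFECTED_TRAINS = ("7.1", "7.2", "8.0", "8.1", "8.2")

# (label, regex on the enclosing top-level section or None, regex on the line).
# Which config line enables each advisory item is this example's own mapping
# (an assumption); the advisories describe features, not CLI keywords.
CHECKS = [
    ("SCCP inspection DoS (inspect skinny)",          r"^policy-map ", r"^inspect skinny$"),
    ("SIP inspection DoS (inspect sip)",              r"^policy-map ", r"^inspect sip$"),
    ("WebVPN DTLS DoS (WebVPN enabled on interface)", r"^webvpn$",     r"^enable \S+$"),
    ("Crafted IKE message DoS (ISAKMP enabled)",      None,            r"^crypto isakmp enable \S+$"),
    ("NTLMv1 auth bypass (aaa-server protocol nt)",   None,            r"^aaa-server \S+ protocol nt$"),
    ("ASDM/HTTP administrative access",               None,            r"^http server enable$"),
    ("SSH administrative access",                     None,            r"^ssh \d"),
    ("Telnet administrative access",                  None,            r"^telnet \d"),
]


def parse_config(config_text):
    """Yield (section, line) pairs. ASA indents mode-specific lines under an
    unindented parent command, so the last unindented line is the section."""
    section = None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw.startswith(" "):
            section = raw.strip()
        yield section, raw.strip()


def version_train(version_line):
    """Return the major.minor train (e.g. '8.2') from a 'show version' line."""
    m = re.search(r"Version (\d+\.\d+)", version_line)
    return m.group(1) if m else None


def exposed_features(config_text):
    """Return the labels of every advisory item whose feature is configured."""
    pairs = list(parse_config(config_text))
    hits = []
    for label, section_re, line_re in CHECKS:
        for section, line in pairs:
            if section_re and not (section and re.match(section_re, section)):
                continue
            if re.match(line_re, line):
                hits.append(label)
                break
    return hits


def assess(version_line, config_text):
    """Combine the train and feature checks into one verdict: exposed means
    the train is in the affected list AND at least one listed feature is on."""
    train = version_train(version_line)
    features = exposed_features(config_text)
    return {
        "train": train,
        "affected_train": train in AFFECTED_TRAINS,
        "features": features,
        "exposed": train in AFFECTED_TRAINS and bool(features),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_VERSION, SAMPLE_CONFIG)
    print(f"train {result['train']} affected={result['affected_train']}")
    for feature in result["features"]:
        print("  exposed feature:", feature)
```

To use it on your own device, paste the output of `show version` and `show running-config` into the two strings (or read them from files). Note that the FWSM SCCP item in the post only fires on transit traffic, so an FWSM with `inspect skinny` enabled is exposed to whatever hosts can send SCCP through it, not just to those that can reach the module itself.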

Also check the list of vulnerabilities in the Cisco Security Agent advisory.

Are you going to patch? Share your approach at the comment section.

  1. February 22, 2010 at 9:59 am

    Sorry guys,

    The security advisory is talking about releases 5.x and 6.x, but my ASAs are running firmware version 8.2!!! Release 6.x is at least 3 years old, and I won't even say anything about 5.x, which was already old when I bought my first PIX.

    So before declaring a verdict (like: Cisco is the Microsoft of networking), it could be a good idea to know what you are talking about.


    • February 22, 2010 at 10:20 am

      Alfredo, the security advisory is actually talking about your software as well. From the announcement:

      Appliances that are running versions 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected when they are configured for any of the following features:

      • SSL VPNs
      • Cisco Adaptive Security Device Manager (ASDM) Administrative Access
      • Telnet Access
      • SSH Access
      • Virtual Telnet
      • Virtual HTTP
      • Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection

  2. Carl M
    February 18, 2010 at 8:48 am

    This is exactly why real companies don’t rely on Cisco for frontline firewall/ID protection. Cisco is the Microsoft of networking.

  3. rowellism
    February 18, 2010 at 12:19 am

    It’s an ASA. Tomorrow I’ll be reading up on the docs and planning the patch for this weekend.

  4. Row
    February 18, 2010 at 12:07 am

    I’d like to patch my hardware as soon as possible. This will be the first time for me applying a patch to one of our Cisco devices.

    • February 18, 2010 at 12:16 am

      Which devices are you using? Let us know how the patching went.
