CVE-2014-3382

Name of the Vulnerable Software and Affected Versions Cisco ASA Software versions 7.2 through 7.2(5.12) Cisco ASA Software versions 8.2 through 8.2(5.49) Cisco ASA Software versions 8.3 through 8.3(2.41) Cisco ASA Software versions 8.4 through 8.4(7.14) Cisco ASA Software versions 8.5 through 8.5(1.20) Cisco ASA Software versions 8.6 through 8.6(1.13) Cisco ASA Software versions 8.7 through 8.7(1.12) Cisco ASA Software versions 9.0 through 9.0(4.4) Cisco ASA Software versions 9.1 through 9.1(5.0)

Description The SQL*Net inspection engine in Cisco ASA Software allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets. There have been reports of disruption to some devices.

Recommendations For Cisco ASA Software version 7.2, update to 7.2(5.13) or later. For Cisco ASA Software version 8.2, update to 8.2(5.50) or later. For Cisco ASA Software version 8.3, update to 8.3(2.42) or later. For Cisco ASA Software version 8.4, update to 8.4(7.15) or later. For Cisco ASA Software version 8.5, update to 8.5(1.21) or later. For Cisco ASA Software version 8.6, update to 8.6(1.14) or later. For Cisco ASA Software version 8.7, update to 8.7(1.13) or later. For Cisco ASA Software version 9.0, update to 9.0(4.5) or later. For Cisco ASA Software version 9.1, update to 9.1(5.1) or later.