CVE-2014-3387

Name of the Vulnerable Software and Affected Versions Cisco ASA Software versions 7.2 through 7.2(5.13) Cisco ASA Software versions 8.2 through 8.2(5.50) Cisco ASA Software versions 8.3 through 8.3(2.41) Cisco ASA Software versions 8.4 through 8.4(7.22) Cisco ASA Software versions 8.5 through 8.5(1.20) Cisco ASA Software versions 8.6 through 8.6(1.13) Cisco ASA Software versions 8.7 through 8.7(1.12) Cisco ASA Software versions 9.0 through 9.0(4.4) Cisco ASA Software versions 9.1 through 9.1(5.2)

Description The SunRPC inspection engine in Cisco ASA Software allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets. There have been reports of disruption to some devices.

Recommendations For versions 7.2 through 7.2(5.13), update to version 7.2(5.14) or later. For versions 8.2 through 8.2(5.50), update to version 8.2(5.51) or later. For versions 8.3 through 8.3(2.41), update to version 8.3(2.42) or later. For versions 8.4 through 8.4(7.22), update to version 8.4(7.23) or later. For versions 8.5 through 8.5(1.20), update to version 8.5(1.21) or later. For versions 8.6 through 8.6(1.13), update to version 8.6(1.14) or later. For versions 8.7 through 8.7(1.12), update to version 8.7(1.13) or later. For versions 9.0 through 9.0(4.4), update to version 9.0(4.5) or later. For versions 9.1 through 9.1(5.2), update to version 9.1(5.3) or later.