PT-2009-3718 · Cisco · Cisco Asa 5500 Series+2
Published
2009-04-08
·
Updated
2009-04-28
·
CVE-2009-1159
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.2 before 7.2(4)26
Cisco Adaptive Security Appliances (ASA) 5500 Series versions 8.0 before 8.0(4)22
Cisco Adaptive Security Appliances (ASA) 5500 Series versions 8.1 before 8.1(2)12
Cisco PIX Security Appliances versions 7.2 before 7.2(4)26
Cisco PIX Security Appliances versions 8.0 before 8.0(4)22
Cisco PIX Security Appliances versions 8.1 before 8.1(2)12
Description
The issue allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQLNet packets when SQLNet inspection is enabled. Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances.
Recommendations
For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.2, update to 7.2(4)26 or later.
For Cisco Adaptive Security Appliances (ASA) 5500 Series version 8.0, update to 8.0(4)22 or later.
For Cisco Adaptive Security Appliances (ASA) 5500 Series version 8.1, update to 8.1(2)12 or later.
For Cisco PIX Security Appliances version 7.2, update to 7.2(4)26 or later.
For Cisco PIX Security Appliances version 8.0, update to 8.0(4)22 or later.
For Cisco PIX Security Appliances version 8.1, update to 8.1(2)12 or later.
As a temporary workaround, consider disabling SQL*Net inspection until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Asa 5500 Series
Cisco Asa
Cisco Pix Security Appliances