PT-2010-2324 · Cisco · Cisco Asa 5500 Series Adaptive Security Appliance+2
Published
2010-02-17
·
Updated
2017-08-17
·
CVE-2010-0567
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.0 through 7.0(8.9)
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2 through 7.2(4.44)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.0 through 8.0(5.0)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.1 through 8.1(2.36)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.2 through 8.2(1.14)
Cisco PIX 500 Series Security Appliance (affected versions not specified)
Description
The issue allows remote attackers to cause a denial of service, resulting in active IPsec tunnel loss and prevention of new tunnels, via a malformed IKE message through an existing tunnel to UDP port 4500.
Recommendations
For Cisco ASA 5500 Series Adaptive Security Appliance versions 7.0 through 7.0(8.9), update to version 7.0(8.10) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2 through 7.2(4.44), update to version 7.2(4.45) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.0 through 8.0(5.0), update to version 8.0(5.1) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.1 through 8.1(2.36), update to version 8.1(2.37) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.2 through 8.2(1.14), update to version 8.2(1.15) or later.
For Cisco PIX 500 Series Security Appliance, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Asa 5500 Series Adaptive Security Appliance
Cisco Asa
Cisco Pix 500 Series Security Appliance