PT-2015-1055 · Cisco · Cisco Asa

Alec Stuart-Muirk · Published 2015-04-08 · Updated 2022-05-26 · CVE-2015-0675

CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions 9.1 through 9.1(5)
Cisco Adaptive Security Appliance (ASA) Software versions 9.2 through 9.2(3.2)
Cisco Adaptive Security Appliance (ASA) Software versions 9.3 through 9.3(2)

Description

The failover IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software does not properly validate failover communication messages. This allows remote attackers to reconfigure an ASA device and obtain administrative control by sending crafted UDP packets over the local network to the failover interface.

Recommendations

For versions 9.1 through 9.1(5), update to version 9.1(6) or later.
For versions 9.2 through 9.2(3.2), update to version 9.2(3.3) or later.
For versions 9.3 through 9.3(2), update to version 9.3(3) or later.

Fix

RCE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2015-09910
CVE-2015-0675

Affected Products

Cisco Asa