CVE-2015-0676

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions 7.2 through 7.2(5.15) Cisco Adaptive Security Appliance (ASA) Software versions 8.2 through 8.2(5.56) Cisco Adaptive Security Appliance (ASA) Software versions 8.3 through 8.3(2.43) Cisco Adaptive Security Appliance (ASA) Software versions 8.4 through 8.4(7.27) Cisco Adaptive Security Appliance (ASA) Software versions 8.5 through 8.5(1.23) Cisco Adaptive Security Appliance (ASA) Software versions 8.6 through 8.6(1.16) Cisco Adaptive Security Appliance (ASA) Software versions 8.7 through 8.7(1.15) Cisco Adaptive Security Appliance (ASA) Software versions 9.0 through 9.0(4.32) Cisco Adaptive Security Appliance (ASA) Software versions 9.1 through 9.1(6.0) Cisco Adaptive Security Appliance (ASA) Software versions 9.2 through 9.2(3.3) Cisco Adaptive Security Appliance (ASA) Software versions 9.3 through 9.3(2)

Description The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries.

Recommendations For versions 7.2 through 7.2(5.15), update to version 7.2(5.16) or later. For versions 8.2 through 8.2(5.56), update to version 8.2(5.57) or later. For versions 8.3 through 8.3(2.43), update to version 8.3(2.44) or later. For versions 8.4 through 8.4(7.27), update to version 8.4(7.28) or later. For versions 8.5 through 8.5(1.23), update to version 8.5(1.24) or later. For versions 8.6 through 8.6(1.16), update to version 8.6(1.17) or later. For versions 8.7 through 8.7(1.15), update to version 8.7(1.16) or later. For versions 9.0 through 9.0(4.32), update to version 9.0(4.33) or later. For versions 9.1 through 9.1(6.0), update to version 9.1(6.1) or later. For versions 9.2 through 9.2(3.3), update to version 9.2(3.4) or later. For versions 9.3 through 9.3(2), update to version 9.3(3) or later.