CVE-2016-1287

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance versions prior to 8.4(7.30) Cisco Adaptive Security Appliance versions prior to 8.7(1.18) Cisco Adaptive Security Appliance versions prior to 9.0(4.38) Cisco Adaptive Security Appliance versions prior to 9.1(7) Cisco Adaptive Security Appliance versions prior to 9.2(4.5) Cisco Adaptive Security Appliance versions prior to 9.3(3.7) Cisco Adaptive Security Appliance versions prior to 9.4(2.4) Cisco Adaptive Security Appliance versions prior to 9.5(2.2)

Description The issue is caused by a buffer overflow in the IKEv1 and IKEv2 implementations, which can be exploited by sending specially crafted UDP packets. This may allow a remote attacker to execute arbitrary code or cause a denial of service, resulting in a device reload.

Recommendations For versions prior to 8.4(7.30), update to 8.4(7.30) or later. For versions prior to 8.7(1.18), update to 8.7(1.18) or later. For versions prior to 9.0(4.38), update to 9.0(4.38) or later. For versions prior to 9.1(7), update to 9.1(7) or later. For versions prior to 9.2(4.5), update to 9.2(4.5) or later. For versions prior to 9.3(3.7), update to 9.3(3.7) or later. For versions prior to 9.4(2.4), update to 9.4(2.4) or later. For versions prior to 9.5(2.2), update to 9.5(2.2) or later. As a temporary workaround, consider restricting access to UDP packets to minimize the risk of exploitation.