CVE-2016-1379

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions 9.0 through 9.5.1

Description The issue is related to the mishandling of IPsec error processing, which can be exploited by remote authenticated users to cause a denial of service (memory consumption) via crafted LAN-to-LAN or Remote Access VPN tunnel packets. This may cause the system to stop forwarding traffic and result in a denial of service (DoS) condition.

Recommendations For versions 9.0 through 9.5.1, consider restricting access to IPsec functionality until a patch is available. As a temporary workaround, consider disabling the IPsec code to minimize the risk of exploitation. Avoid using crafted LAN-to-LAN or Remote Access VPN tunnel packets in the affected API endpoints until the issue is resolved.