CVE-2016-6431

Name of the Vulnerable Software and Affected Versions Cisco ASA Software versions prior to 9.6(1.5)

Description A vulnerability in the local Certificate Authority (CA) feature could allow an unauthenticated, remote attacker to cause a reload of the affected system. The issue is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this by sending a crafted enrollment request to the affected system, specifically through HTTPS packets directed to the Cisco ASA interface where the local CA is allowing user enrollment. This affects systems configured in routed firewall mode and in single or multiple context mode.

Recommendations For versions prior to 9.6(1.5), update to version 9.6(1.5) or later to resolve the issue. As a temporary workaround, consider restricting access to the local CA feature to minimize the risk of exploitation. Additionally, limiting HTTPS packets to the Cisco ASA interface where the local CA is configured can help mitigate the vulnerability.