CVE-2017-12299

Name of the Vulnerable Software and Affected Versions Cisco ASA Next-Generation Firewall Services (affected versions not specified)

Description A vulnerability exists in the process of creating default IP blocks during device initialization that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. This is due to an implementation error in the process of creating default IP blocks when the device is initialized and how those IP blocks interact with user-configured filters for local IP management traffic, such as SSH to the device. An attacker could exploit this by sending traffic to the local IP address of the targeted device, potentially allowing the attacker to connect to the device even when filters are configured to deny the traffic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.