CVE-2017-6609

Name of the Vulnerable Software and Affected Versions Cisco ASA Software versions prior to 9.1(7.8) Cisco ASA Software versions prior to 9.2(4.15) Cisco ASA Software versions prior to 9.4(4) Cisco ASA Software versions prior to 9.5(3.2) Cisco ASA Software versions prior to 9.6(2)

Description A vulnerability in the IPsec code could allow an authenticated, remote attacker to cause a reload of the affected system. The issue is due to improper parsing of malformed IPsec packets. An attacker could exploit this by sending malformed IPsec packets to the affected system, but only traffic directed to the system can be used for exploitation. This affects systems in routed firewall mode, single or multiple context mode, and can be triggered by IPv4 and IPv6 traffic. Establishing a valid IPsec tunnel is necessary before exploitation.

Recommendations For versions prior to 9.1(7.8), update to version 9.1(7.8) or later. For versions prior to 9.2(4.15), update to version 9.2(4.15) or later. For versions prior to 9.4(4), update to version 9.4(4) or later. For versions prior to 9.5(3.2), update to version 9.5(3.2) or later. For versions prior to 9.6(2), update to version 9.6(2) or later.