Cisco pushed out patches for two products this week, addressing a handful of vulnerabilities in its Firewall Services Module (FWSM) software and Adaptive Security Appliance (ASA) software.
According to security updates posted on the company’s Advisory page yesterday, at least nine separate vulnerabilities exist in ASA:
- IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
- SQL*Net Inspection Engine Denial of Service Vulnerability
- Digital Certificate Authentication Bypass Vulnerability
- Remote Access VPN Authentication Bypass Vulnerability
- Digital Certificate HTTP Authentication Bypass Vulnerability
- HTTP Deep Packet Inspection Denial of Service Vulnerability
- DNS Inspection Denial of Service Vulnerability
- AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
- Clientless SSL VPN Denial of Service Vulnerability
Five of the nine can either reload an affected device or lead to a denial of service (DoS) condition.
Three of the nine can result in an authentication bypass and give an attacker access to a network via remote access VPN or management access via Cisco’s Adaptive Security Device Management (ASDM) tool.
The last ASA vulnerability deals with Cisco’s AnyConnect SSL VPN and could also lead to a denial of service. If executed, an attacker could exhaust memory, making the system unstable, unresponsive and ultimately stop forwarding traffic.
ASA is a suite of security solutions that users use to deploy antivirus, antispam, antiphishing, and web filtering services, among other capabilities.
Two vulnerabilities exist in Cisco’s FWSM software, a type of software that primarily handles a series of routers and switches for Cisco networks.
The first one is a big one however. If an attacker successfully exploits the Command Authorization vulnerability, it can “result in a complete compromise of the confidentiality, integrity and availability of the affected system.” The second vulnerability in FWSM is also present in ASA and deals with the SQL *Net Inspection functionality. Like some of the ASA vulnerabilities it can also lead to a denial of service condition if exploited.
While Cisco’s Product Security Incident Response Team (PSIRT) isn’t currently aware of any attacks targeting the vulnerabilities and workarounds exist for a few of them, patches for all vulnerabilities are available through its regular update channels.