Buffer Overflow Vulnerability in Cisco ASA Software Products Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2016-031

DATE(S) ISSUED:

02/11/2016

OVERVIEW:

A buffer overflow vulnerability has been discovered in Cisco ASA Adaptive Security Appliances. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.

THREAT INTELLIGENCE:

This exploit has been publicly disclosed. There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
  • N/A

TECHNICAL SUMMARY:

The IKEv1 and IKEv2 implementations in Cisco ASA Software are prone to a buffer overflow vulnerability that could allow an unauthenticated user to cause a reload of the affected system or to execute code remotely. The algorithm for re-assembling Internet Key Exchange (IKE) payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with specially crafted UDP packets.
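
The kind of bounds check a fragment reassembly routine needs, as an added example (not Cisco's code and not part of the original advisory): the data length is taken from the bytes actually received and compared against the space left in the buffer before anything is copied. The two-byte fragment header, the 1024-byte cap and the names `reasm_init` and `reasm_add` are assumptions for illustration, not the Cisco fragmentation wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASM_MAX 1024 /* assumed cap on one reassembled payload */
#define FRAG_HDR  2    /* assumed header: sequence number, last-fragment flag */

struct reasm {
    uint8_t buf[REASM_MAX];
    size_t  used;     /* bytes already copied into buf */
    uint8_t next_seq; /* sequence number expected next */
    int     done;     /* set once the last fragment has arrived */
};

void reasm_init(struct reasm *r)
{
    memset(r, 0, sizeof *r);
    r->next_seq = 1;
}

/* Returns 0 = fragment stored, 1 = payload complete, -1 = fragment rejected. */
int reasm_add(struct reasm *r, const uint8_t *frag, size_t frag_len)
{
    if (r->done || frag_len <= FRAG_HDR)
        return -1;                      /* no data bytes: subtraction below would underflow */
    size_t data_len = frag_len - FRAG_HDR;
    if (frag[0] != r->next_seq)
        return -1;                      /* out of order or replayed */
    if (data_len > REASM_MAX - r->used) /* compare with space left; no sum that could wrap */
        return -1;
    memcpy(r->buf + r->used, frag + FRAG_HDR, data_len);
    r->used += data_len;
    r->next_seq++;
    r->done = frag[1] != 0;
    return r->done;
}

int main(void)
{
    /* Constructed input: a 4-byte first fragment, then one larger than the space left. */
    static uint8_t big[FRAG_HDR + REASM_MAX] = { 2, 1 };
    uint8_t first[] = { 1, 0, 'a', 'b', 'c', 'd' };
    struct reasm r;
    reasm_init(&r);
    printf("first: %d\n", reasm_add(&r, first, sizeof first));
    printf("oversized: %d, used=%zu\n", reasm_add(&r, big, sizeof big), r.used);
    return 0;
}
```

A rejected fragment leaves the reassembly state untouched, so the caller can drop the whole exchange instead of continuing with a partial buffer.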

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install updates provided by Cisco immediately after appropriate testing.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.

CIS Controls That Help Avoid This Issue:

  • CIS Control 4: Continuous Vulnerability Assessment and Remediation
  • CIS Control 11: Secure Configurations for Network Devices

CIS Benchmark and Other Tools for Related Technology:

  • Cisco