Cisco plugs critical bug in ASA security devices
Cisco has patched a critical vulnerability in the Identity Firewall feature of Cisco ASA Software, which would allow a remote attacker to execute arbitrary code and obtain full control of the system (or cause a reload).
The vulnerability is due to a buffer overflow in the affected code area.
“An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software,” the company explained, but added that only traffic directed to the affected system can be used to exploit it.
Also, the flaw affects systems configured in routed and transparent firewall mode and in single or multiple context mode, and can be triggered by IPv4 traffic.
It is present in software running on a variety of Cisco ASA security appliances, modules, virtual appliances, and firewalls, as well as the Cisco ISA 3000 Industrial Security Appliance.
The company has released both software updates that address the issue and a workaround for those who – for whatever reason – can’t update.
There is no indication that the vulnerability is being exploited in attacks in the wild – it has been reported to Cisco by two researchers from Chaitin Technology.
Simultaneously, the company has published four more advisories, and released software updates for four additional vulnerabilities.
Two could lead to a denial of service condition, and affect the Cisco ASA software and the Cisco Firepower Detection Engine. The remaining two are less critical: an information disclosure and a cross-site request forgery flaw in Cisco Meeting Server.
Admins are advised to implement the updates as soon as possible.