Info

Disclosure

May 02, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PIX/ASA contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw related to the password-management command used in VPN tunnel configuration, and will result in reloading the device.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Upgrade to version 7.1(2)49 or 7.2(2)17 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	PIX	7.1(2)46
		7.1(2)42
		7.1(2)28
		7.1(2)24
		7.1(2)20
		7.1(2)16
		7.1(2)12
		7.1(2)7
		7.1(2)4
		7.1(2)
		7.2(2)14
		7.2(2)10
		7.2(2)2
		7.2(1)
	ASA	7.1(2)46
		7.1(2)42
		7.1(2)28
		7.1(2)24
		7.1(2)20
		7.1(2)16
		7.1(2)12
		7.1(2)7
		7.1(2)4
		7.1(2)
		7.2(2)14
		7.2(2)10
		7.2(2)2
		7.2(1)

References

CVE ID: 2007-2463 (see also: NVD)
Bugtraq ID: 23768
Secunia Advisory ID: 25109
ISS X-Force ID: 34021
Related OSVDB ID: 35330 35331 35333
VUPEN Advisory: ADV-2007-1636
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0022.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml
http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/35332

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

PIX

ASA

References

Credit