Guest

Preview Tool

Cisco Bug: CSCur45455 - ASA crashes in DHCPV6 Relay agent feature Functionality

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(5)

Description (partial)

Symptom:
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker
to cause an affected device to reload.

The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software
is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device.


Note: Only DHCPv6 packets directed to the Cisco ASA interface where the DHCPv6 relay is enabled can be used to trigger this vulnerability. This
vulnerability affects systems configured in routed or transparent firewall mode and in single or multiple context mode. This vulnerability can be
triggered only by IPv6 traffic. 

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp

Conditions:
See Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.