Guest

Preview Tool

Cisco Bug: CSCus11007 - Cisco ASA FirePOWER Crafted Packets DoS Vulnerability

Last Modified

Mar 01, 2018

Products (8)

  • Cisco Firepower Management Center
  • Sourcefire Defense Center 1000 Chassis
  • Sourcefire Defense Center 500 Chassis
  • Cisco FireSIGHT Management Center 750
  • Cisco FireSIGHT Management Center 3500
  • Cisco FireSIGHT Management Center 1500
  • Sourcefire Defense Center 3000 Chassis
  • Cisco Firepower Management Center Virtual Appliance

Known Affected Releases

5.3.1

Description (partial)

Symptom:
A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.

Cisco has released free software updates that address this vulnerability. The resolution includes upgrading the Cisco ASA FirePOWER Services Software or the Cisco ASA CX Services Software and the Cisco ASA Software. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp

Note: Cisco ASA Software is affected by several other vulnerabilities described in the Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software, cisco-sa-20150408-asa.
Cisco ASA customers should review cisco-sa-20150408-asa before determining an upgrade release for Cisco ASA Software.

Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa

Conditions:
See published Cisco Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.