[ALUG] Critical bug in Cisco ASA firewalls CVE-2016-1287

Andreas Tauscher ta at geuka.net
Thu Feb 11 23:10:54 EAT 2016


Cisco yesterday released patches [1] for

ASA 5500 Series Adaptive Security Appliance
ASA 5500-X Series Next-Generation Firewall
ASA Services Module for Cisco Catalyst 6500 Series Switches
Cisco 7600 Series Router
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 9300 ASA Security Module
ISA 3000 Industrial Security Appliance

to fix CVE-2016-1287.

This bug is rated level 10 - critical.
A single UDP packet sent to port 500 or 4500 is enough to take over the ASA.
The Internet Storm Center has already detected increased traffic on UDP port
500 [2]. It seems vulnerable devices are already being actively scanned for.

More details about the bug are in the exodusintel.com blog post
"Execute my packet" [3].

To test if your device is vulnerable, check the running crypto maps:
ciscoasa# show running-config crypto map | include interface
A product is vulnerable if a crypto map is returned.

If you have one of these devices: Update IMMEDIATELY!

Appliances, management switches, routers etc. are not bricks you install
and forget. Frequently check for updates, subscribe to manufacturers'
newsletters.
And if the device is EOL: Retire it and replace it with something current.

Andreas

[1]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
[2]
https://isc.sans.edu/forums/diary/Critical+Cisco+ASA+IKEv2v2+Vulnerability+Active+Scanning+Detected/20719/
[3] https://blog.exodusintel.com/2016/02/10/firewall-hacking/
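The vulnerability check above (a crypto map bound to an interface) applied across a fleet of ASA configs, as an added example that is not part of the original post. The device names, config text and peer addresses are constructed; the script reproduces what `show running-config crypto map | include interface` would report for each device, treating a crypto map that is defined but never bound to an interface as not flagged, exactly as Cisco's filter would.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample output of `show running-config crypto map` from three
# hypothetical devices (not taken from the post or from any real appliance).
SAMPLE_CONFIGS: Dict[str, str] = {
    "fw-edge-1": (
        "crypto map OUTSIDE_MAP 10 match address VPN_ACL\n"
        "crypto map OUTSIDE_MAP 10 set peer 203.0.113.10\n"
        "crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES-SHA\n"
        "crypto map OUTSIDE_MAP interface outside\n"
    ),
    # Crypto map defined but never applied to an interface: Cisco's check
    # (`| include interface`) returns nothing, so the device is not flagged.
    "fw-lab-2": (
        "crypto map LAB_MAP 10 match address LAB_ACL\n"
        "crypto map LAB_MAP 10 set peer 198.51.100.7\n"
    ),
    # No crypto map configured at all.
    "fw-dmz-3": "",
}

# Only the binding line `crypto map <name> interface <ifname>` terminates IKE
# on an interface; the per-entry lines (match, set peer, ...) do not.
CRYPTO_MAP_BIND = re.compile(r"^\s*crypto map (\S+) interface (\S+)\s*$", re.M)


def crypto_map_bindings(config: str) -> List[Tuple[str, str]]:
    """Return (map_name, interface) for every crypto map bound to an interface.

    This is the programmatic equivalent of
    `show running-config crypto map | include interface`.
    """
    return CRYPTO_MAP_BIND.findall(config)


def exposed_devices(configs: Dict[str, str]) -> Dict[str, List[Tuple[str, str]]]:
    """Apply the advisory's check to a fleet: a device is listed when at least
    one crypto map is bound to an interface, i.e. it needs patching first."""
    result: Dict[str, List[Tuple[str, str]]] = {}
    for name, cfg in configs.items():
        bindings = crypto_map_bindings(cfg)
        if bindings:
            result[name] = bindings
    return result


if __name__ == "__main__":
    for device, bindings in exposed_devices(SAMPLE_CONFIGS).items():
        print(f"{device}: crypto map bound -> patch immediately {bindings}")
```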
