Networks Training


Latest Vulnerabilities in Cisco PIX and ASA.

On October 22, Cisco announced three vulnerabilities in the Cisco ASA 5500 series and PIX Firewall models running software versions 7.x and 8.x (see the Cisco Security Advisory). The three security issues identified are the following:

  • Windows NT Domain Authentication Bypass Vulnerability
    Cisco ASA or PIX security appliances configured for IPSec or SSL-based remote access VPNs using Windows NT Domain Authentication are vulnerable because of a Windows NT Domain authentication issue.

  • IPv6 Denial of Service Vulnerability
    A specially crafted IPv6 packet may cause the Cisco ASA and Cisco PIX security appliances to reload. Devices that are running software version 7.2(4)9 or 7.2(4)10 and configured for IPv6 may be vulnerable. This vulnerability does not affect devices that are configured only for IPv4. Only packets that are destined to the device (not transiting the device) may trigger the effects of this vulnerability. These packets must be destined to an interface configured for IPv6.

  • Crypto Accelerator Memory Leak Vulnerability
    The Cisco ASA security appliances may experience a memory leak triggered by a series of packets. This memory leak occurs in the initialization code for the hardware crypto accelerator. Only packets destined to the device may trigger this vulnerability.

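To fix the above security issues, the following software releases must be used:

| Vulnerability | Affected Release | First Fixed Version |
|---|---|---|
| Windows NT Domain Authentication Bypass Vulnerability | 7.0 | 7.0(8)3 |
| Windows NT Domain Authentication Bypass Vulnerability | 7.1 | 7.1(2)78 |
| Windows NT Domain Authentication Bypass Vulnerability | 7.2 | 7.2(4)16 |
| Windows NT Domain Authentication Bypass Vulnerability | 8.0 | 8.0(4)6 |
| Windows NT Domain Authentication Bypass Vulnerability | 8.1 | 8.1(1)13 |
| IPv6 Denial of Service Vulnerability | 7.0 | Not Vulnerable |
| IPv6 Denial of Service Vulnerability | 7.1 | Not Vulnerable |
| IPv6 Denial of Service Vulnerability | 7.2 | 7.2(4)11 |
| IPv6 Denial of Service Vulnerability | 8.0 | Not Vulnerable |
| IPv6 Denial of Service Vulnerability | 8.1 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 7.0 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 7.1 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 7.2 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 8.0 | 8.0(4) |
| Crypto Accelerator Memory Leak Vulnerability | 8.1 | 8.1(2) |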

To upgrade the software image on either the PIX or ASA firewalls, use the copy tftp: flash: command, and then use boot system flash:/filename in Configuration Mode to instruct the firewall to boot from the new software image.
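One way to check a running release against the first-fixed table above, as an added example that is not part of the original article or of Cisco's advisory. The function names are hypothetical, the "Software Version" line format is an assumption about `show version` output, and the check treats any release earlier than the first fixed one in the same train as needing the upgrade (except the IPv6 issue, for which the article names the two affected builds); it does not look at whether NT Domain authentication or IPv6 is actually configured.

```python
import re

# First fixed release per train, from the article's table (None = "Not Vulnerable").
FIRST_FIXED = {
    "Windows NT Domain Authentication Bypass": {
        "7.0": "7.0(8)3", "7.1": "7.1(2)78", "7.2": "7.2(4)16",
        "8.0": "8.0(4)6", "8.1": "8.1(1)13"},
    "IPv6 Denial of Service": {
        "7.0": None, "7.1": None, "7.2": "7.2(4)11", "8.0": None, "8.1": None},
    "Crypto Accelerator Memory Leak": {
        "7.0": None, "7.1": None, "7.2": None, "8.0": "8.0(4)", "8.1": "8.1(2)"},
}
# The article names only 7.2(4)9 and 7.2(4)10 for the IPv6 issue: add a lower bound.
FIRST_AFFECTED = {"IPv6 Denial of Service": {"7.2": "7.2(4)9"}}

_RELEASE = re.compile(r"(\d+)\.(\d+)\((\d+)\)(\d*)")

def parse_release(text):
    """'7.2(4)16' -> (7, 2, 4, 16); a missing interim number counts as 0."""
    m = _RELEASE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, interim = m.groups()
    return int(major), int(minor), int(maint), int(interim or 0)

def release_from_show_version(output):
    """Pull the release string out of 'show version' text (assumed line format)."""
    m = re.search(r"Software Version (\S+)", output)
    if not m:
        raise ValueError("no 'Software Version' line found")
    return m.group(1)

def required_upgrades(running):
    """Map each vulnerability that applies to this release to its first fixed release."""
    ver = parse_release(running)
    train = f"{ver[0]}.{ver[1]}"
    needed = {}
    for vuln, trains in FIRST_FIXED.items():
        if train not in trains:
            raise ValueError(f"train {train} is not covered by the table")
        fixed = trains[train]
        start = FIRST_AFFECTED.get(vuln, {}).get(train)
        if fixed is None or (start and ver < parse_release(start)):
            continue
        if ver < parse_release(fixed):
            needed[vuln] = fixed
    return needed
# Constructed sample line, not captured from a real device.
SAMPLE = "Cisco Adaptive Security Appliance Software Version 7.2(4)10\n"
```

Calling `required_upgrades(release_from_show_version(SAMPLE))` returns the fixes that apply to the sample release; the highest first fixed release in the result covers all of them for that train.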


About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. Daniel Craig says

    November 25, 2008 at 9:00 pm

    Hi there, I was looking around for a while searching for network security vulnerabilities and I happened upon this site and your post regarding Vulnerabilities in Cisco PIX and ASA. | CiscoTips, I will definitely this to my network security vulnerabilities bookmarks!
