Cisco Adaptive Security Appliance (ASA) Certificate resolution Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
Cisco ASA 8.4 (3)
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-5544

The Cisco ASA 5500 Series Adaptive Security Device is a modular platform for providing security and VPN services. It provides firewall, IPS, anti-X, and VPN services.

In Cisco Adaptive Security Appliance (ASA) software 8.4 (3), the VPN authentication code has a Security vulnerability when parsing the certificate username, unauthenticated remote attackers can exploit this vulnerability to cause denial of service (device crash ). This vulnerability is caused by the parallel processing of a large number of IKE requests configured by username-from-cert. Attackers can exploit this vulnerability by sending a large number of IKE requests after the affected device is configured using the username-from-cert command.

<* Source: vendor

Link: http://secunia.com/advisories/55420/
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5544
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-5544) and patches for this:

CVE-2013-5544: Cisco asa vpn Denial of Service Vulnerability

Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5544