Cisco ASA failover Command Injection Vulnerability (CVE-2015-0675)
Release date:
Updated on:
Affected Systems:
Cisco ASA 1, 5500
Description:
CVE (CAN) ID: CVE-2015-0675
The Cisco ASA 5500 Series Adaptive Security Device is a modular platform for providing security and VPN services. It provides firewall, IPS, anti-X, and VPN services.
The failover ipsec function of Cisco ASA Software has a security vulnerability. The attacker sends configuration commands to all failover devices through the failover interface, resulting in active and available faulty devices. This vulnerability is caused by the failure to properly handle secure failover communication messages.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20150408-asa) and patches for this:
Cisco-sa-20150408-asa: Multiple Vulnerabilities in Cisco ASA Software
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
This article permanently updates the link address: