Vigil@nce: Cisco ASA-CX, PRSM, denial of service via /var/log
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious IPv4 packets, in order to fill the
/var/log partition, and then to create a denial of service on
Cisco ASA CX Context-Aware Security and Cisco Prime Security
Manager.
– Impacted products: ASA, Cisco Prime
– Severity: 2/4
– Creation date: 13/09/2012
DESCRIPTION OF THE VULNERABILITY
The Cisco ASA CX Context-Aware Security product extends features
of ASA platforms.
The Cisco Prime Security Manager (PRSM) product is used to manage
Cisco ASA-CX.
Systems of these products use a /var/log partition to store logged
messages. However, when this partition is filled, the products
become unresponsive and stop processing traffic.
An attacker can therefore send malicious IPv4 packets, in order to
fill the /var/log partition, and then to create a denial of
service on Cisco ASA CX Context-Aware Security and Cisco Prime
Security Manager.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ASA-CX-PRSM-denial-of-service-via-var-log-11937