Vigil@nce: Cisco PIX/ASA, vulnerabilities of SIP or VPN
September 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities impact the SIP or VPN features of Cisco
PIX/ASA and lead to denials of service or to information
disclosure.
Gravity: 3/4
Consequences: user access/rights, data reading, denial of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/09/2008
Identifier: VIGILANCE-VUL-8083
IMPACTED PRODUCTS
– Cisco PIX/ASA Software [confidential versions]
DESCRIPTION
Several vulnerabilities were announced in Cisco PIX/ASA.
When SIP inspection is enabled, an attacker can send malicious
data in order to create several denials of service (versions prior
to 7.0(7)16, 7.1(2)71, 7.2(4)7, 8.0(3)20 and 8.1(1)8). [grav:3/4;
CSCsk60581, CSCsq07867, CSCsq39315, CSCsq57091, CVE-2008-2732]
An attacker can force a reload by using IPSec (versions prior to
7.2(4)2, 8.0(3)14 and 8.1(1)4). [grav:3/4; CSCso69942,
CVE-2008-2733]
An attacker can use an SSL VPN to create a memory leak leading to a
denial of service (versions prior to 7.2(4)2, 8.0(3)14 and
8.1(1)4). [grav:2/4; CSCso66472, CVE-2008-2734]
An attacker can use an SSL VPN to create an error in URI handling
leading to a denial of service (versions prior to 8.0(3)15 and
8.1(1)5). [grav:3/4; CSCsq19369, CVE-2008-2735]
An attacker can obtain the VPN login and password of a user
(versions prior to 8.0(3)16 and 8.1(1)6). [grav:3/4; CSCsq45636,
CVE-2008-2736]
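To check an inventory against the version thresholds listed above, the following added example (not part of the Vigil@nce bulletin or of any Cisco tool) parses a PIX/ASA version string and compares it with each threshold. It assumes each listed version is the first fixed release of its own train (7.0, 7.1, 7.2, 8.0, 8.1) and reports trains the bulletin does not list as unknown; whether the affected feature (SIP inspection, IPSec, SSL VPN) is enabled is not checked.

```python
import re

# "Versions prior to ..." thresholds copied from the description above.
FIXED = {
    "CVE-2008-2732": ["7.0(7)16", "7.1(2)71", "7.2(4)7", "8.0(3)20", "8.1(1)8"],
    "CVE-2008-2733": ["7.2(4)2", "8.0(3)14", "8.1(1)4"],
    "CVE-2008-2734": ["7.2(4)2", "8.0(3)14", "8.1(1)4"],
    "CVE-2008-2735": ["8.0(3)15", "8.1(1)5"],
    "CVE-2008-2736": ["8.0(3)16", "8.1(1)6"],
}

_VER = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(\d+)?$")


def parse(version):
    """'8.0(3)12' -> (8, 0, 3, 12); a missing interim build counts as 0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PIX/ASA version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def audit(version):
    """Map each CVE to 'prior-to-fix', 'fixed' or 'train-not-listed'."""
    v = parse(version)
    result = {}
    for cve, fixes in FIXED.items():
        # Assumption: one threshold per major.minor train.
        by_train = {parse(f)[:2]: parse(f) for f in fixes}
        fix = by_train.get(v[:2])
        if fix is None:
            result[cve] = "train-not-listed"  # the bulletin gives no threshold
        else:
            result[cve] = "prior-to-fix" if v < fix else "fixed"
    return result


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for host, ver in {"fw-edge-1": "8.0(3)15", "fw-lab": "7.1(2)70"}.items():
        open_items = [c for c, s in audit(ver).items() if s != "fixed"]
        print(host, ver, open_items)
```
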
CHARACTERISTICS
Identifiers: 107475, BID-30998, cisco-sa-20080903-asa, CSCsk60581,
CSCso66472, CSCso69942, CSCsq07867, CSCsq19369, CSCsq39315, CSCsq45636, CSCsq57091, CVE-2008-2732, CVE-2008-2733, CVE-2008-2734, CVE-2008-2735, CVE-2008-2736, VIGILANCE-VUL-8083