Purpose
CCIRC is releasing this Advisory UPDATE that contains additional information related to this vulnerability .
Assessment
The detection signatures referenced below are provided to aid organizations in detecting and mitigating malicious exploitation of this vulnerability.
IPS Sigs:
Cisco IPS : 7169-0 , Snort Sig: 36903
Cisco IPS Signature is available in update S908
Suggested Action
Due to the elevated risk presented by this vulnerability, CCIRC recommends that system administrators test and deploy the vendor-released firmware updates to affected versions accordingly. CCIRC recommends that priority is given to these patches.
References:
Cisco ASA Software IKEv1 and IKEv2 Vulnerability Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Exodus: Execute My Packet
https://blog.exodusintel.com/2016/02/10/firewall-hacking/
Cisco ASA Software Vulnerability
Number: AV16-028
Date: 10 February 2016
Purpose
The purpose of this advisory is to bring attention to recent critical software update that addresses a disclosed vulnerability in Cisco ASA IKEv1 and IKEv2.
Assessment
CCIRC is aware of a recently disclosed vulnerability in Cisco ASA software IKEv1 and IKEv2.
This vulnerability could allow an unauthenticated remote attacker to execute code or cause a reload of the affected system. This is due to a buffer overflow that could be triggered in the current version of the software.
Affected Product :
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Applicate (ASAv)
- Cisco Firepower 9300 ASA Security Module
- Cisco ISA 3000 Industrial Security Appliance
Suggested Action
Due to the elevated risk presented by this vulnerability, CCIRC recommends that system administrators test and deploy the vendor-released firmware updates to affected versions accordingly. CCIRC recommends that priority is given to these patches.
References:
Cisco ASA Software IKEv1 and IKEv2 Vulnerability Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike