Security Alert (A16-02-04): Vulnerability in Cisco Products

Description:

Cisco has released a security advisory fixing a vulnerability in Cisco security appliances, virtual appliances and services modules:

• Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Due to a buffer overflow in the affected system, an unauthenticated remote attacker could send crafted UDP packets to an affected system to exploit the vulnerability.

Affected Systems:

• Cisco ASA 1000V Cloud Firewall
• Cisco ASA 5500 Series Adaptive Security Appliances (ASA)
• Cisco ASA 5500-X Series Next-Generation Firewalls
• Cisco Adaptive Security Virtual Appliance (ASAv)
• Cisco FirePOWER 9300 ASA Security Module
• Cisco ISA 3000 Industrial Security Appliance
• Systems which are configured to terminate IKEv1 or IKEv2 VPN connections are affected, which include LAN-to-LAN IPsec VPN, Remote access VPN using the IPsec VPN client, Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections and IKEv2 AnyConnect

Impact:

A successful attack could cause a reload of the affected system, arbitrary code execution and full control of the system.

Recommendation:

Patches for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.

Users should contact their product support vendors for the fixes and assistance.

More Information:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
https://www.hkcert.org/my_url/en/alert/16021119
https://www.us-cert.gov/ncas/current-activity/2016/02/10/Cisco-Releases-Security-Update
http://www.kb.cert.org/vuls/id/327976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1287