JPCERT-AT-2015-0021
JPCERT/CC
2015-07-14
<<< JPCERT/CC Alert 2015-07-14 >>>
Alert on vulnerability in security appliance software
provided by Cisco
https://www.jpcert.or.jp/english/at/2015/at150021.html
I. Overview
Security appliance software provided by Cisco contains multiple
vulnerabilities. An attacker sending a specially crafted packet may
cause the software to crash or execute arbitrary code. According to
Cisco, they have observed multiple attacks leveraging CVE-2014-3383 on
July 8, 2015 US time. JPCERT/CC has observed multiple scan attempts
to a particular port on July 8, 2015, from 16:00 to around 20:30 Japan
time.
Cisco has released a software update to address these vulnerabilities.
If you are using an affected version of the software, we strongly recommend
updating immediately to the latest version according to the information
provided in "III. Solution".
Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
II. Affected Products
Security appliance software by Cisco in the following products are affected
by these vulnerabilities
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance (ASAv)
III. Solution
Update the software for the product according to the information
provided by Cisco. For details, please refer to the information provided
by Cisco. If using an affected version of the software, we strongly
recommend updating immediately.
IV. References
Multiple Vulnerabilities in Cisco ASA Software (Revision 3.0)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Multiple Vulnerabilities in Cisco ASA Software (Revision 1.0 : Japanese)
http://www.cisco.com/cisco/web/support/JP/112/1126/1126286_cisco-sa-20141008-asa-j.html
* As of this writing, the Japanese advisory has not reflected the
updates made on July 8th, 2015.
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top