CISCO : Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105982

Kategorie: CISCO

Titel: Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)

Zusammenfassung: A vulnerability in the VPN code of Cisco ASA Software could; allow an authenticated, remote attacker to submit configuration commands to the standby unit via; the failover interface. As result, an attacker could be able to take full control of both the; active and standby failover units.

Beschreibung: Summary:
A vulnerability in the VPN code of Cisco ASA Software could
allow an authenticated, remote attacker to submit configuration commands to the standby unit via
the failover interface. As result, an attacker could be able to take full control of both the
active and standby failover units.

Vulnerability Insight:
The vulnerability is due to improper implementation of the
internal filter for packets coming from an established VPN tunnel. An attacker could exploit this
vulnerability by sending crafted packets directed to the failover interface IP address.

Vulnerability Impact:
An authenticated, remote attacker could exploit this
vulnerability by connecting to a targeted device and sending malicious configuration requests
through the failover interface to the standby unit. The attacker could modify the configuration
to take control over both the standby and active units, resulting in complete device compromise.

Affected Software/OS:
Cisco ASA version 7.2, 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2 and
9.3.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3389
Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105982
Kategorie:	CISCO
Titel:	Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)
Zusammenfassung:	A vulnerability in the VPN code of Cisco ASA Software could; allow an authenticated, remote attacker to submit configuration commands to the standby unit via; the failover interface. As result, an attacker could be able to take full control of both the; active and standby failover units.
Beschreibung:	Summary: A vulnerability in the VPN code of Cisco ASA Software could allow an authenticated, remote attacker to submit configuration commands to the standby unit via the failover interface. As result, an attacker could be able to take full control of both the active and standby failover units. Vulnerability Insight: The vulnerability is due to improper implementation of the internal filter for packets coming from an established VPN tunnel. An attacker could exploit this vulnerability by sending crafted packets directed to the failover interface IP address. Vulnerability Impact: An authenticated, remote attacker could exploit this vulnerability by connecting to a targeted device and sending malicious configuration requests through the failover interface to the standby unit. The attacker could modify the configuration to take control over both the standby and active units, resulting in complete device compromise. Affected Software/OS: Cisco ASA version 7.2, 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2 and 9.3. Solution: See the referenced vendor advisory for a solution. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3389 Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Copyright	Copyright (C) 2015 Greenbone Networks GmbH