CISCO : Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105982

Categoría: CISCO

Título: Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)

Resumen: A vulnerability in the VPN code of Cisco ASA Software could; allow an authenticated, remote attacker to submit configuration commands to the standby unit via; the failover interface. As result, an attacker could be able to take full control of both the; active and standby failover units.

Descripción: Summary:
A vulnerability in the VPN code of Cisco ASA Software could
allow an authenticated, remote attacker to submit configuration commands to the standby unit via
the failover interface. As result, an attacker could be able to take full control of both the
active and standby failover units.

Vulnerability Insight:
The vulnerability is due to improper implementation of the
internal filter for packets coming from an established VPN tunnel. An attacker could exploit this
vulnerability by sending crafted packets directed to the failover interface IP address.

Vulnerability Impact:
An authenticated, remote attacker could exploit this
vulnerability by connecting to a targeted device and sending malicious configuration requests
through the failover interface to the standby unit. The attacker could modify the configuration
to take control over both the standby and active units, resulting in complete device compromise.

Affected Software/OS:
Cisco ASA version 7.2, 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2 and
9.3.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3389
Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105982
Categoría:	CISCO
Título:	Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)
Resumen:	A vulnerability in the VPN code of Cisco ASA Software could; allow an authenticated, remote attacker to submit configuration commands to the standby unit via; the failover interface. As result, an attacker could be able to take full control of both the; active and standby failover units.
Descripción:	Summary: A vulnerability in the VPN code of Cisco ASA Software could allow an authenticated, remote attacker to submit configuration commands to the standby unit via the failover interface. As result, an attacker could be able to take full control of both the active and standby failover units. Vulnerability Insight: The vulnerability is due to improper implementation of the internal filter for packets coming from an established VPN tunnel. An attacker could exploit this vulnerability by sending crafted packets directed to the failover interface IP address. Vulnerability Impact: An authenticated, remote attacker could exploit this vulnerability by connecting to a targeted device and sending malicious configuration requests through the failover interface to the standby unit. The attacker could modify the configuration to take control over both the standby and active units, resulting in complete device compromise. Affected Software/OS: Cisco ASA version 7.2, 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2 and 9.3. Solution: See the referenced vendor advisory for a solution. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3389 Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Copyright	Copyright (C) 2015 Greenbone Networks GmbH