Lucene search

CiscoCISCO-SA-20150115-ASA-DHCP

HistoryJan 15, 2015 - 5:54 p.m.

Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability

2015-01-1517:54:09

tools.cisco.com

CVSS2

5.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

EPSS

0.006

Percentile

78.7%

JSON

A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device.

Note: Only DHCPv6 packets directed to the Cisco ASA
interface where the DHCPv6 relay feature is enabled can be used to trigger this
vulnerability. This vulnerability affects
systems configured in routed or transparent firewall mode and in single
or multiple
context mode. This vulnerability can be triggered only by IPv6 traffic.

This vulnerability is documented in Cisco bug ID CSCur45455[“https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur45455”] (registered[“https://sec.cloudapps.cisco.comRPF/register/register.do”] customers only) and has been assigned CVE ID CVE-2015-0578.

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp”]

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

ciscoadaptive_security_appliance_softwareMatch9.2

ciscoadaptive_security_appliance_softwareMatch9.3

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.2.10

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.0.3.8

ciscoadaptive_security_appliance_softwareMatch9.0.4

ciscoadaptive_security_appliance_softwareMatch9.0.4.1

ciscoadaptive_security_appliance_softwareMatch9.0.4.5

ciscoadaptive_security_appliance_softwareMatch9.0.4.17

ciscoadaptive_security_appliance_softwareMatch9.0.4.20

ciscoadaptive_security_appliance_softwareMatch9.0.4.24

ciscoadaptive_security_appliance_softwareMatch9.0.4.7

ciscoadaptive_security_appliance_softwareMatch9.0.4.26

ciscoadaptive_security_appliance_softwareMatch9.0.4.29

ciscoadaptive_security_appliance_softwareMatch9.0.4.33

ciscoadaptive_security_appliance_softwareMatch9.0.4.35

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

ciscoadaptive_security_appliance_softwareMatch9.1.3

ciscoadaptive_security_appliance_softwareMatch9.1.2.8

ciscoadaptive_security_appliance_softwareMatch9.1.3.2

ciscoadaptive_security_appliance_softwareMatch9.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.4.5

ciscoadaptive_security_appliance_softwareMatch9.1.5

ciscoadaptive_security_appliance_softwareMatch9.1.5.10

ciscoadaptive_security_appliance_softwareMatch9.1.5.12

ciscoadaptive_security_appliance_softwareMatch9.1.5.15

ciscoadaptive_security_appliance_softwareMatch9.2.1

ciscoadaptive_security_appliance_softwareMatch9.2.2

ciscoadaptive_security_appliance_softwareMatch9.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

ciscoadaptive_security_appliance_softwareMatch9.3.2

ciscoadaptive_security_appliance_softwareMatch9.3.2.2

ciscoadaptive_security_appliance_softwareMatch9.3.3

ciscoadaptive_security_appliance_softwareMatch9.3.3.1

VendorProductVersionCPE
ciscoadaptive_security_appliance_software9.0cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.2cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.3cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.2cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.2.10cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3.6cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3.8cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	9.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:::::::*
cisco	adaptive_security_appliance_software	9.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:::::::*
cisco	adaptive_security_appliance_software	9.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2:::::::*
cisco	adaptive_security_appliance_software	9.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3:::::::*
cisco	adaptive_security_appliance_software	9.0.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:::::::*
cisco	adaptive_security_appliance_software	9.0.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:::::::*
cisco	adaptive_security_appliance_software	9.0.2.10	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:::::::*
cisco	adaptive_security_appliance_software	9.0.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:::::::*
cisco	adaptive_security_appliance_software	9.0.3.6	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:::::::*
cisco	adaptive_security_appliance_software	9.0.3.8	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:::::::*