Reference: CERT-EU Security Advisory 2012-0041

Title: Multiple Vulnerabilities in Cisco ASA 5500 S and Cisco Catalyst 6500 [1]

Version history:
16.03.2012 Initial publication

Summary
=======
The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.[2]

CVE-2012-0358

CVSS v2 Base Score: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) [3]

Vulnerable systems
==================
• Cisco ASA 5500 Series Adaptive Security Appliances (ASA)
• Cisco Catalyst 6500 Series ASA Service Module (ASASM)
• Cisco Catalyst 6500 Series Firewall Service Module (FWSM)
• Cisco Adaptive Security Appliance Software 7.1 and 7.2
• Cisco Adaptive Security Appliance Software 8.0, 8.1, 8.2, 8.3, 8.4, 8.6 [2]

See also [1]

Original Details
================
Successful exploitation of any of the vulnerabilities described in this security advisory may allow a remote, unauthenticated attacker to reload the affected system. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

What can you do?
================
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities. [2]

What to tell your users?
========================
N/A

More information
================
[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
[2] http://www.infosecisland.com/blogview/20708-Cisco-Releases-Multiple-Security-Advisories.html
[3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)