Reference: CERT-EU Security Advisory 2013-0080

Title: Several Vulnerabilities and Security Notices in multiple Cisco products

Version history:
21.10.2013 Initial publication

Summary
=======

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:

- IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
- SQL*Net Inspection Engine Denial of Service Vulnerability
- Digital Certificate Authentication Bypass Vulnerability
- Remote Access VPN Authentication Bypass Vulnerability
- Digital Certificate HTTP Authentication Bypass Vulnerability
- HTTP Deep Packet Inspection Denial of Service Vulnerability
- DNS Inspection Denial of Service Vulnerability
- AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
- Clientless SSL VPN Denial of Service Vulnerability
- Crafted ICMP Packet Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. [1]

A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service (VMWS), could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. [2]

A vulnerability in the Baseboard Management Controller (BMC) of the Cisco Unified Computing System could allow an authenticated, local attacker to inject arbitrary commands on the underlying operating system with elevated privileges. [3]

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. [4]

A vulnerability in the Fabric Interconnect KVM module of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. [5]

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture or modify KVM virtual media traffic. [6]

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. [7]

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. [8]

Vulnerable systems
==================

Cisco ASA Software for
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Next Generation Firewall
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches
Cisco 7600 Series Routers, and
Cisco ASA 1000V Cloud Firewall [1]

Cisco Unity Web Service
Cisco Voice Message Web Service [2]

Baseboard Management Controller [3]

Cisco Unified Computing System [4] [5] [6] [7] [8]

What can you do?
================

Please review the patch/release notes for your product and version.

What to tell your users?
========================

N/A

More information
================

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
[2] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534
[3] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4112
[4] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113
[5] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114
[6] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
[7] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116
[8] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4117

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html