-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-0041
 
Title: Cisco ASA Software Vulnerability
 
Version history:
26.04.2013 Initial publication

Summary
=======
Cisco ASA has several vulnerabilities related with VPN software.

A vulnerability in the implementation of the rewriter module of the Cisco Adaptive Security Appliance (ASA) Clientless SSL VPN could allow an authenticated, remote attacker to cause a reload of the affected system.


CVE numbers:

CVE-2013-1194 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) [1]
CVE-2013-1199 4.9 (MEDIUM) (AV:N/AC:H/Au:S/C:N/I:N/A:C) [2]

Vulnerable systems
==================

It depends on the vulnerabilite confront original information.

Original Details
================
* A vulnerability in the Internet Security Association and Key Management 
Protocol (ISAKMP) implementation in Cisco Adaptive Security Appliance (ASA) 
Software could allow an unauthenticated, remote attacker to enumerate remote 
access VPN groups configured in a Cisco ASA device. (CVE-2013-1194) [3]

* A vulnerability in the implementation of the rewriter module of the Cisco 
Adaptive Security Appliance (ASA) Clientless SSL VPN could allow an 
authenticated, remote attacker to cause a reload of the affected system. (CVE-2013-1199) [4]

What can you do?
================
Patches can be donload from the cisco original advisory. [5]

What to tell your users?
========================
N/A

More information
================

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1194
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1199
[3] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1194
[4] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1199
[5] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJReoVcAAoJEPpzpNLI8SVoLYQP/jOiebaFI8cZVpfyqyyN7fw3
KgHjdppCQ7x9ymFlhBMpVfOXamVYbNnhDu+Y00+G4MoGvKHJGaIDUGabuA4uYh7H
cogmkDRrgC/zzCXF7qDzor9muP1xQU+ECNRIM0HQ3EJ/wJMoMSYKuz7EHimVpCdi
AhSIhRekTxJVWsxUK6WhPDgIBJbeyAAUdRe4y38LWiJaruDagoTlZ4NDObhlL6KM
y+S0DWlr8rUGgU6VaXUyy8FhtsnVk9O9R8NWvMFGRpM5QYmH2R3vT2VMtDy7AnYG
Mr6TBQAGTIh1QzqGzEq3GcHAvhhvYzyAjZWnh6lh9lAw72VaU0L18rMKhl8iJlxK
xolcnYZwJazp77x9aGNc1DTDQrigI/HVyRrMv2DpENdMlR14jEJ6mapL1Xo3giG+
RuMz5hbEkYU/soXLCXFInbHsT73dwKoTCzDDVqgYMDsRVWdK1UEa2GDGo1bUqrnZ
zACVp6UK7+OWNTcduv9xcWCerFzrwS8HP8j9/NB5looBXVGRzMLcLXLjNS5pNUZM
1eQXIAWSPqvlkYirZQPRRM42o992/g8aXeHnGILoJueg1al3i82mX5vAZLdBTkTW
LNuCzq3CT4rzIc/OcS8UQg+Ky6Arp0wVL0JmcW9/UotSKDBSWvYncX/ZBw6kD7iD
IP49a6dUJbk/boLf2/ah
=cCCJ
-----END PGP SIGNATURE-----