Buffer Overflow Vulnerability in Cisco ASA Software Products Could Allow for Remote Code Execution

ITS Advisory Number: 2016-029
Date(s) Issued: Thursday, February 11, 2016
Subject: Buffer Overflow Vulnerability in Cisco ASA Software Products Could Allow for Remote Code Execution
Overview: 

A buffer overflow vulnerability has been discovered in Cisco ASA Adaptive Security Appliances. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.

Systems Affected: 
  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: N/A
Description: 

Cisco ASA Software IKEv1 and IKEv2 are prone to a buffer overflow vulnerability that could allow an unauthenticated user to cause a reload of the affected system or to remotely execute code. The algorithm for reassembling Internet Key Exchange (IKE) payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with specially crafted UDP packets.
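To illustrate the class of check whose absence the description refers to, the following added example (not Cisco's code, and using a constructed, simplified fragment layout rather than the real Cisco IKE fragmentation format) shows a reassembly step that validates a peer-supplied fragment length against both the received datagram and the remaining room in a fixed heap buffer before any copy takes place. The header size, buffer size and field offsets are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified fragment layout (assumption: NOT the real Cisco IKE
 * fragmentation format): bytes 0-1 = declared fragment length, bytes 2-7 =
 * id/index/flags (ignored here), payload follows the header. */
#define FRAG_HDR_LEN 8
#define REASM_MAX 1024            /* size of the fixed heap reassembly buffer (assumed) */
#define MAX_DGRAM 4096

struct reasm {
    uint8_t *buf;                 /* heap buffer of REASM_MAX bytes */
    size_t used;                  /* bytes already reassembled */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hardened reassembly step: returns 0 on success, -1 if the fragment is rejected.
 * Every length that drives the copy is checked against both the received
 * datagram and the remaining room in the heap buffer before memcpy runs. */
int reasm_add_fragment(struct reasm *r, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < FRAG_HDR_LEN) return -1;          /* header itself must be present */
    uint16_t frag_len = rd16(pkt);                  /* peer-controlled length field */
    if (frag_len < FRAG_HDR_LEN) return -1;         /* stops frag_len - header underflow */
    if (frag_len > pkt_len) return -1;              /* declared length exceeds datagram */
    size_t payload = frag_len - FRAG_HDR_LEN;
    if (payload > REASM_MAX - r->used) return -1;   /* would write past the heap buffer */
    memcpy(r->buf + r->used, pkt + FRAG_HDR_LEN, payload);
    r->used += payload;
    return 0;
}

/* Test helper: feeds one constructed fragment with the given declared length
 * and datagram size into a buffer that already holds prior_used bytes.
 * Returns the new fill level on acceptance, -1 on rejection. */
long try_fragment(uint16_t declared_len, size_t pkt_len, size_t prior_used)
{
    uint8_t pkt[MAX_DGRAM] = {0};
    if (pkt_len > MAX_DGRAM || prior_used > REASM_MAX) return -1;
    pkt[0] = (uint8_t)(declared_len >> 8);
    pkt[1] = (uint8_t)(declared_len & 0xff);
    struct reasm r = { calloc(REASM_MAX, 1), prior_used };
    if (!r.buf) return -1;
    long rc = reasm_add_fragment(&r, pkt, pkt_len) == 0 ? (long)r.used : -1;
    free(r.buf);
    return rc;
}
```

Each rejected case corresponds to a length relationship that, left unchecked, would let a crafted datagram drive a copy past the end of the reassembly buffer.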

Actions: 
  • Install updates provided by Cisco immediately after appropriate testing.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.