Cisco PIX / ASA multiple security vulnerabilities
Published:		23.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9377
Type:		remote
Level:		6/10
Description:		Windows NT domain authentication bypass, IPv6 DoS, DoS because of memory leak in crypto accelerator

Affected:		CISCO : PIX 7.0
		CISCO : PIX 7.1
		CISCO : PIX 7.2
		CISCO : PIX 8.0
		CISCO : PIX 8.1
CVE:		CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator.")
		CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.)
		CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.)

Original document

CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA (23.10.2008)

Discuss:

Read or add your comments to this news (0 comments)