Main Vulnerability Database SB2017012601

SB2017012601 - Denial of service in Cisco Adaptive Security Appliance CX Context-Aware Security

Published: January 26, 2017

Security Bulletin ID SB2017012601

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2016-9225)

The vulnerability allows a remote attacker to cause denial of service (DoS).

The vulnerability exists within the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module when processing IP fragments. A remote attacker can send specially crafted fragmented IP traffic across the vulnerable device, exhaust free packet buffers in shared memory (SHM) and trigger denial of service (DoS) conditions.

Successful exploitation of the vulnerability may allow an attacker perform DoS attack against vulnerable device.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas