cnvd - cnvd-2017-07137

cnvd-2017-07137

Vulnerability from cnvd

Title

Cisco ASA Software DNS拒绝服务漏洞

Description

Cisco Adaptive Security Appliance (ASA) Software是Cisco ASA系列的核心操作系统。 Cisco ASA Software的DNS代码存在拒绝服务漏洞，由于处理专门设计的DNS响应消息上有缺陷，攻击者可利用该漏洞导致受影响设备重新加载或破坏设备本地DNS缓存中的信息。

Severity

中

Patch Name

Cisco ASA Software DNS拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns https://nvd.nist.gov/vuln/detail/CVE-2017-6607 http://www.securityfocus.com/bid/97933

Impacted products

Name
['Cisco 7600 Series Routers', 'Cisco ASA 5500-X Series Next-Generation Firewalls', 'Cisco Adaptive Security Virtual Appliance (ASAv)', 'Cisco Firepower 9300 ASA Security Module', 'Cisco ISA 3000 Industrial Security Appliance', 'Cisco ASA 1000V Cloud Firewall', 'Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches', 'Cisco ASA 5500 Series Adaptive Security Appliances']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97933"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6607"
    }
  },
  "description": "Cisco Adaptive Security Appliance (ASA) Software\u662fCisco ASA\u7cfb\u5217\u7684\u6838\u5fc3\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco ASA Software\u7684DNS\u4ee3\u7801\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5904\u7406\u4e13\u95e8\u8bbe\u8ba1\u7684DNS\u54cd\u5e94\u6d88\u606f\u4e0a\u6709\u7f3a\u9677\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\u6216\u7834\u574f\u8bbe\u5907\u672c\u5730DNS\u7f13\u5b58\u4e2d\u7684\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07137",
  "openTime": "2017-05-22",
  "patchDescription": "Cisco Adaptive Security Appliance (ASA) Software\u662fCisco ASA\u7cfb\u5217\u7684\u6838\u5fc3\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco ASA Software\u7684DNS\u4ee3\u7801\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5904\u7406\u4e13\u95e8\u8bbe\u8ba1\u7684DNS\u54cd\u5e94\u6d88\u606f\u4e0a\u6709\u7f3a\u9677\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\u6216\u7834\u574f\u8bbe\u5907\u672c\u5730DNS\u7f13\u5b58\u4e2d\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco ASA Software DNS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco 7600 Series Routers",
      "Cisco ASA 5500-X Series Next-Generation Firewalls",
      "Cisco Adaptive Security Virtual Appliance (ASAv)",
      "Cisco Firepower 9300 ASA Security Module",
      "Cisco ISA 3000 Industrial Security Appliance",
      "Cisco ASA 1000V Cloud Firewall",
      "Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches",
      "Cisco ASA 5500 Series Adaptive Security Appliances"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6607\r\nhttp://www.securityfocus.com/bid/97933",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-27",
  "title": "Cisco ASA Software DNS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-6607 (GCVE-0-2017-6607)

Vulnerability from cvelistv5

Published

2017-04-20 22:00

Modified

2024-08-05 15:33

Severity ?

CWE

CWE-399

Summary

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.12) 9.2(4.18) 9.4(3.12) 9.5(3.2) 9.6(2.2). Cisco Bug IDs: CSCvb40898.

References

URL

Tags

	http://www.securityfocus.com/bid/97933	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038319	vdb-entry, x_refsource_SECTRACK