cnvd - cnvd-2017-33343

cnvd-2017-33343

Vulnerability from cnvd

Title

Cisco Adaptive Security Appliance Software拒绝服务漏洞（CNVD-2017-33343）

Description

Cisco ASA 5500系列自适应安全设备是用于提供安全和VPN服务的模块化平台，可提供防火墙、IPS、anti-X和VPN服务。 Cisco Adaptive Security Appliance (ASA) Software的直接验证功能存在安全漏洞，未经身份验证的远程攻击者可造成受影响设备重载，拒绝服务。

Severity

高

Patch Name

Cisco Adaptive Security Appliance Software拒绝服务漏洞（CNVD-2017-33343）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa http://www.securityfocus.com/bid/101165

Impacted products

Name
['Cisco Adaptive Security Appliance (ASA) Software', 'Cisco ASA 5500-X Series Firewalls 9.8(0.56)', 'Cisco ASA 5500-X Series Firewalls 9.7(1)', 'Cisco ASA 5500-X Series Firewalls 9.4(3)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101165"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12246"
    }
  },
  "description": "Cisco ASA 5500\u7cfb\u5217\u81ea\u9002\u5e94\u5b89\u5168\u8bbe\u5907\u662f\u7528\u4e8e\u63d0\u4f9b\u5b89\u5168\u548cVPN\u670d\u52a1\u7684\u6a21\u5757\u5316\u5e73\u53f0\uff0c\u53ef\u63d0\u4f9b\u9632\u706b\u5899\u3001IPS\u3001anti-X\u548cVPN\u670d\u52a1\u3002\r\n\r\nCisco Adaptive Security Appliance (ASA) Software\u7684\u76f4\u63a5\u9a8c\u8bc1\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u9020\u6210\u53d7\u5f71\u54cd\u8bbe\u5907\u91cd\u8f7d\uff0c\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33343",
  "openTime": "2017-11-09",
  "patchDescription": "Cisco ASA 5500\u7cfb\u5217\u81ea\u9002\u5e94\u5b89\u5168\u8bbe\u5907\u662f\u7528\u4e8e\u63d0\u4f9b\u5b89\u5168\u548cVPN\u670d\u52a1\u7684\u6a21\u5757\u5316\u5e73\u53f0\uff0c\u53ef\u63d0\u4f9b\u9632\u706b\u5899\u3001IPS\u3001anti-X\u548cVPN\u670d\u52a1\u3002\r\n\r\nCisco Adaptive Security Appliance (ASA) Software\u7684\u76f4\u63a5\u9a8c\u8bc1\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u9020\u6210\u53d7\u5f71\u54cd\u8bbe\u5907\u91cd\u8f7d\uff0c\u62d2\u7edd\u670d\u52a1\u3002\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Adaptive Security Appliance Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-33343\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Adaptive Security Appliance (ASA) Software",
      "Cisco ASA 5500-X Series Firewalls 9.8(0.56)",
      "Cisco ASA 5500-X Series Firewalls 9.7(1)",
      "Cisco ASA 5500-X Series Firewalls 9.4(3)"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa\r\nhttp://www.securityfocus.com/bid/101165",
  "serverity": "\u9ad8",
  "submitTime": "2017-10-09",
  "title": "Cisco Adaptive Security Appliance Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-33343\uff09"
}

CVE-2017-12246 (GCVE-0-2017-12246)

Vulnerability from cvelistv5

Published

2017-10-05 07:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-399

Summary

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.

References

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039503	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/101165	vdb-entry, x_refsource_BID