—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service Vulnerability

Advisory ID: cisco-sa-20171004-asa

Revision: 1.0

For Public Release: 2017 October 4 16:00 GMT

Last Updated: 2017 October 4 16:00 GMT

CVE ID(s): CVE-2017-12246

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems that have the direct authentication feature enabled. This vulnerability can be triggered by IPv4 or IPv6 traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ1QWDZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnwAxAAmgTPdTrXLXNVVTHS
5Zau0CdJVoO3NKz3En+HB0d7CiD01E3BDZqgkzYBsrQd0ZrEciXj0Sg0IyFy/rlN
7EKvEey1K0JFqS0wxU+9HmEN3nq6JnBkVLDfs578oTcj922A0dGTxA9rHMStFnCO
HMv7N9Uc6An7GvHAl0wtcaUZf6xlty6p6k9lN0Vxx3zSwr6SngVPAz4/KPFXsoKm
XAPcYBOU/8heKrAwVJ7RZpWRCMXr8BX0mrwJSwZGtrf2Bxf+OgWKVUTRA9NVlcD5
93RfgZyg/bYU26uWtA+UfrrVLKSNwn12/wmaACCJRpaU8WOt2Wn5Xl8YD5XuEKpW
CrmW3now8iKPTQk12C0eNgg7wrUnNf7Z8mqdsDtcSMGqUGNAMrd2ub6I56cXNVcQ
PQ8TS17TmEBZ4kNiRIJaLzyWTsxt2MP75XH09Q2tNdVX72AB9KnPaq1CjGVD8Wm+
9aDiNVlPjK6t+Ss+ntpKus0srzB4yVQTQFCPaTKI4HbHS/2+WCFil4d4d3uFOdmN
n1xo8dSr4IuGy/NB0eexng0CNnn3gqtZw/Ogx0jRFOu/fegr6LKmBECPNzLT4kaN
39IXR+Z+3LKAT1o8DOirRlMBwiDmbe5mwT0XqCe9zRvRAbN0ceOgIdbTjlD8bGsX
ZFl+hRHUxzmUDEeUnIilpnFG6mo=
=M5Ed
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com