Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service
Version(s): prior to 4.1(9)
Several vulnerabilities were reported in the Cisco Firewall Services Module.
A remote user can send specially crafted DCERPC data through the target device to trigger a stack overflow in the DCERPC inspection engine and execute arbitrary code on the target device or cause the target device to reload [CVE-2012-4661].
Cisco has assigned Cisco bug ID CSCtr27522 to this vulnerability.
A remote user can send specially crafted DCERPC data through the target device to cause the target device to reload [CVE-2012-4662, CVE-2012-4663].
Successful exploitation of either of the vulnerabilities could cause an affected device to reload. Repeated exploitation may result in a DoS condition. Successful exploitation of the DCERPC Inspection Buffer Overflow Vulnerability may cause a stack overflow and permit the execution of arbitrary commands.