V-232: Cisco ASA Software TFTP Protocol Inspection Denial of Service Vulnerability

August 31, 2013 - 4:00am

PROBLEM:

A vulnerability has been reported in Cisco ASA Software, which can be exploited by malicious people to cause a DoS (Denial of Service).

PLATFORM:

Cisco Adaptive Security Appliance (ASA) 8.x, Cisco Adaptive Security Appliance (ASA) 9.x, Cisco ASA 5500-X Series Adaptive Security Appliances

ABSTRACT:

The vulnerability is reported in versions 8.4(5.7), 8.4(6), 9.0(2.3), 9.1(1.5), and 9.1(2.1). Other versions may also be affected.

REFERENCE LINKS:

Secunia Advisory SA54699
CVE-2013-3463
Cisco (CSCuh13899)

IMPACT ASSESSMENT:

Low

DISCUSSION:

A vulnerability has been reported in Cisco ASA Software, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error within the idle timeout implementation when handling inspect-based TFTP connections. It can be exploited by sending specially crafted requests to exhaust the connection table and stop the device from accepting new connections.

IMPACT:

Denial of Service

SOLUTION:

 
Update to a fixed version.