Successful exploitation of the Cisco ASA VPN Failover Command Injection Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco ASA Local Path Inclusion Vulnerability may result in full compromise of the affected system. Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are independent of one another a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability.Cisco ASA Health and Performance Monitor Denial of Service Vulnerability.Cisco ASA IKEv2 Denial of Service Vulnerability.Cisco ASA VPN Denial of Service Vulnerability.Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability.
Cisco strongly recommends that customers upgrade to aįixed Cisco ASA software release to remediate this issue.Ĭisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Of that device and determined that the traffic was sent with no Traffic causing the disruption was isolated to a cpe:2.2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to someĬisco customers with Cisco ASA devices affected by CVE-2014-3383, theĬisco ASA VPN Denial of Service Vulnerability that was disclosed in this.Known Affected Configurations (CPE V2.3) Type
Affected Vendor/Software: Cisco - Cisco Adaptive Security Appliance (ASA) Software version n/a.The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.CVE-2021-40125 has been assigned by to track the vulnerability - currently rated as MEDIUM severity.A successful exploit could allow the attacker to trigger a reload of the device. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. This vulnerability is due to improper control of a resource. A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device.