nabz0r Veteran Posted October 9, 2014 Veteran Share Posted October 9, 2014 FYI Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability Cisco ASA VPN Denial of Service Vulnerability Cisco ASA IKEv2 Denial of Service Vulnerability Cisco ASA Health and Performance Monitor Denial of Service Vulnerability Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability Cisco ASA DNS Inspection Engine Denial of Service Vulnerability Cisco ASA VPN Failover Command Injection Vulnerability Cisco ASA VNMC Command Input Validation Vulnerability Cisco ASA Local Path Inclusion Vulnerability Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others Source Link to comment Share on other sites More sharing options...
Argi Posted October 9, 2014 Share Posted October 9, 2014 Ouch, that's a really nasty set of vulns. RCE, and 2FA-bypass. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 9, 2014 Veteran Share Posted October 9, 2014 just updated my asa 5512..... Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted October 9, 2014 Author Veteran Share Posted October 9, 2014 just updated my asa 5512..... What version are you using now? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 9, 2014 Veteran Share Posted October 9, 2014 :) Cisco Adaptive Security Appliance Software Version 9.3(1)Device Manager Version 7.3(1)101Compiled on Wed 23-Jul-14 18:16 PDT by buildersSystem image file is "disk0:/asa931-smp-k8.bin"Config file at boot was "startup-config"ciscoasa up 40 mins 24 secsHardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores) ASA: 2048 MB RAM, 1 CPU (1 core)Internal ATA Compact Flash, 4096MB Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted October 9, 2014 Author Veteran Share Posted October 9, 2014 Nice. Is it your home or work? We unfortunately have 20 firewalls in prod and I thing the same in dev and test environments so it's going to be a pain in the neck to upgrade. :( At home I am on 9.2.2.4 :) Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 9, 2014 Veteran Share Posted October 9, 2014 Work. I can't afford a $10k firewall for home. My wife would have my head Raa 1 Share Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted October 9, 2014 Author Veteran Share Posted October 9, 2014 Work. I can't afford a $10k firewall for home. My wife would have my head :). You can always buy a used one or get one from work when they upgrade. ;) Link to comment Share on other sites More sharing options...
Praetor Posted October 9, 2014 Share Posted October 9, 2014 :). You can always buy a used one or get one from work when they upgrade. ;) this. there's a multitude of used hardware on ebay or other online stores at very tempting prices... :woot: Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 9, 2014 Veteran Share Posted October 9, 2014 For home I can't see spending Moore than a few hundred. 1000+ is just over kill Link to comment Share on other sites More sharing options...
offroadaaron Posted October 10, 2014 Share Posted October 10, 2014 Work. I can't afford a $10k firewall for home. My wife would have my head That's what NFR is for ;) I just upgraded. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 4, 2014 MVC Share Posted November 4, 2014 Does anyone here use the Update Wizard for the ASA. Ours stopped working recently and I have no idea why. Does anyone know what IP's it connects to so I can check there is rules in place for it? It just hangs here after we have put the credentials in.... Link to comment Share on other sites More sharing options...
sc302 Veteran Posted November 4, 2014 Veteran Share Posted November 4, 2014 The ip is the ip of you firewall. It doesn't go out. It does run on java and you may need to downgrade your desktop version. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 4, 2014 MVC Share Posted November 4, 2014 The ip is the ip of you firewall. It doesn't go out. It does run on java and you may need to downgrade your desktop version. Sorry, I meant the IP address of the update server in Cisco land so I can check where the traffic is going. I will check the java thing... Does yours work? What version of Java are you using? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted November 4, 2014 Veteran Share Posted November 4, 2014 I use the cli to update, download the update manually. I can check when I get to the office in about 90 min Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 4, 2014 MVC Share Posted November 4, 2014 Ok Cool, I like the Wizard. Each to their own. Thanks man. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted November 4, 2014 Veteran Share Posted November 4, 2014 Java 1.7.0_64-b01 ASDM Version 7.3(1)101 Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 4, 2014 MVC Share Posted November 4, 2014 Java 1.7.0_64-b01 ASDM Version 7.3(1)101 It must be my PC, I remoted onto another PC and it works fine and dandy! Thanks anyway. Link to comment Share on other sites More sharing options...
Recommended Posts