CERT RENATER Advisories

Date: Thu, 10 Apr 2014 10:54:14 +0200
Type: VULN
Subject: CERT-Renater : 2014/VULN103 (Cisco : Multiple Vulnerabilities in Cisco ASA Software)
====================================================================
                           CERT-Renater

               Information Note No. 2014/VULN103
_____________________________________________________________________

DATE                : 11/04/2014

HARDWARE PLATFORM(S): Cisco

OPERATING SYSTEM(S):  Cisco ASA software versions 8, 9.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
______________________________________________________________________

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20140409-asa

Revision 1.0

For Public Release 2014 April 9 16:00  UTC (GMT)

Summary
=======

  Cisco Adaptive Security Appliance (ASA) Software is affected by the
following vulnerabilities:
  Cisco ASA ASDM Privilege Escalation Vulnerability
  Cisco ASA SSL VPN Privilege Escalation Vulnerability
  Cisco ASA SSL VPN Authentication Bypass Vulnerability
  Cisco ASA SIP Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is
affected by one of the vulnerabilities may not be affected by the
others.

Successful exploitation of the Cisco ASA ASDM Privilege Escalation
Vulnerability and the Cisco ASA SSL VPN Privilege Escalation
Vulnerability may allow an attacker or an unprivileged user to elevate
privileges and gain administrative access to the affected system.

Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass
Vulnerability may allow an attacker to obtain unauthorized access to
the internal network via SSL VPN.

Successful exploitation of the Cisco ASA SIP Denial of Service
Vulnerability may cause the exhaustion of available memory. This may
cause system instability and in some cases lead to a reload of the
affected system, creating a denial of service (DoS) condition.

Cisco has released free software updates that address these
vulnerabilities.

Workarounds that mitigate these vulnerabilities are available for some
of the vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Note: This security advisory does not provide information about the
OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by
CVE-2014-0160 (also known as Heartbleed).  For additional information
regarding Cisco products affected by this vulnerability, refer to the
Cisco Security Advisory available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed


=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
