Reported December 15, 2003 by Cisco.
VERSIONS AFFECTED
All Cisco PIX Firewall devices that run the following software versions:
CSCeb20276 (SNMPv3): 6.3.1; 6.2.2 and earlier; 6.1.4 and earlier; 5.x.x and earlier.
CSCec20244/CSCea28896 (VPNC): 6.2.3 and earlier (excluding versions 6.1.x and 5.x.x)
DESCRIPTION
Two vulnerabilities in Cisco PIX Firewall devices can result in a Denial of Service (DoS) condition on the vulnerable system. These two vulnerabilities are as follows:
· The Cisco PIX firewall crashes and reloads while processing a received SNMPv3 message when snmp-server host <ip_addr> is configured on the Cisco PIX firewall. This happens even though the Cisco PIX firewall doesn't support SNMPv3.
· Under certain conditions, an established VPNC IPSec tunnel connection drops if another IPSec client attempts to initiate an IKE Phase I negotiation to the outside interface of the VPN Client-configured Cisco PIX Firewall.
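A saved configuration can be checked against the conditions above. The following is an added example, not Cisco's code: it assumes the configuration begins with a "PIX Version x.y(z)" banner, reads the affected ranges per release train (treating 6.0.x as "earlier"), and uses a constructed sample configuration. It does not check whether the device is configured as a VPN client.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """PIX Version 6.3(1)
hostname pixfw
snmp-server host inside 192.0.2.10
snmp-server community example
"""

def parse_version(config):
    """Return (major, minor, maint) from the 'PIX Version 6.3(1)' banner, or None."""
    m = re.search(r"^PIX Version (\d+)\.(\d+)\((\d+)\)", config, re.M)
    return tuple(int(g) for g in m.groups()) if m else None

def snmpv3_version_affected(v):
    """CSCeb20276: 6.3.1; 6.2.2 and earlier; 6.1.4 and earlier; 5.x.x and earlier."""
    if v[:2] == (6, 3):
        return v == (6, 3, 1)
    if v[:2] == (6, 2):
        return v <= (6, 2, 2)
    if v[:2] == (6, 1):
        return v <= (6, 1, 4)
    return v < (6, 1, 0)  # assumption: 6.0.x counts as "earlier", like 5.x.x

def vpnc_version_affected(v):
    """CSCec20244/CSCea28896: 6.2.3 and earlier, excluding 6.1.x and 5.x.x."""
    return v <= (6, 2, 3) and v[:2] != (6, 1) and v[0] != 5

def snmp_hosts(config):
    """Arguments of every active 'snmp-server host' line ('no ...' lines are skipped)."""
    return [h.strip() for h in re.findall(r"^snmp-server host[ \t]+(.+)$", config, re.M)]

def audit(config):
    """Report exposure to the two issues for one configuration file."""
    v = parse_version(config)
    if v is None:
        raise ValueError("no 'PIX Version' banner found")
    hosts = snmp_hosts(config)
    return {
        "version": v,
        "snmp_hosts": hosts,
        # The SNMPv3 crash needs both an affected version and snmp-server host.
        "snmpv3_dos_exposed": snmpv3_version_affected(v) and bool(hosts),
        "vpnc_version_affected": vpnc_version_affected(v),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```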
VENDOR RESPONSE
Cisco has released a security bulletin concerning these vulnerabilities and recommends that affected customers obtain the patch available through normal support channels.
CREDIT
Discovered by Cisco.
Multiple Vulnerabilities in Cisco PIX Firewall