Vulnerabilities > CVE-2009-1156 - Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

047910
CVSS 5.7 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE

Summary

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml VPN Authentication Bypass Vulnerability The Cisco ASA or Cisco PIX security appliance can be configured to override an account-disabled indication from a AAA server and allow the user to log on anyway. However, the user must provide the correct credentials in order to login to the VPN. A vulnerability exists in the Cisco ASA and Cisco PIX security appliances where VPN users can bypass authentication when the override account feature is enabled. Note: The override account feature was introduced in Cisco ASA software version 7.1(1). The override account feature is enabled with the override-account-disable command in tunnel-group general-attributes configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup": hostname(config)#tunnel-group testgroup type webvpn hostname(config)#tunnel-group testgroup general-attributes hostname(config-tunnel-general)#override-account-disable Note: The override account feature is disabled by default.

Seebug

bulletinFamilyexploit
description安全公告 月度Top10安全漏洞 每日漏洞播报 Cisco PIX/ASA拒绝服务,ACL绕过及验证绕过漏洞 发布时间:2009-04-09 录入:启明星辰 BUGTRAQ ID: 34429 CVE ID:CVE-2009-1155 CVE-2009-1156 CVE-2009-1157 CVE-2009-1158 CVE-2009-1159 CVE-2009-1160 CNCVE ID:CNCVE-20091155 CNCVE-20091156 CNCVE-20091157 CNCVE-20091158 CNCVE-20091159 CNCVE-20091160 Cisco PIX是一款防火墙设备,可为用户和应用提供策略强化、多载体攻击防护和安全连接服务;自适应安全设备(ASA)是可提供安全和VPN服务的模块化平台。 Cisco PIX/ASA存在多个安全漏洞,允许攻击者使设备重载,伪造通信绕过ACL规则或获得对设备的未授权访问。 VPN验证绕过问题: 设备配置了IPsec或者基于SSL远程访问VPN,如果开启Override Account Disabled功能,可导致VPN用户可绕过验证访问设备。 特殊构建的HTTP报文拒绝服务漏洞: 特殊构建的SSL或者HTTP报文可导致配置了终止SSL VPN连接的Cisco ASA设备触发拒绝服务条件。此漏洞可通过任意ASDM访问启用的接口上触发,成功利用可设备重载,需要TCP三次握手利用此漏洞。 特殊构建的TCP报文拒绝服务漏洞: 特殊构建的TCP报文可导致Cisco ASA或Cisco PIX设备内存泄漏,成功攻击可导致拒绝服务攻击。 特殊构建的H.232报文拒绝服务漏洞: 特殊构建的H.232报文可导致配置了H.232检测的Cisco ASA设备触发拒绝服务条件。H.232检测默认启用。成功攻击可导致设备重载,不需要三次握手即可利用此漏洞。 SQL*Net报文拒绝服务漏洞: 特殊的一系列SQL*Net报文可导致配置了SQL*Net检测的Cisco ASA和Cisco PIX设备产生拒绝服务。SQL*Net检测默认启用,成功利用漏洞可导致设备重载。 访问控制列表绕过漏洞: 访问列表包含一个隐含的拒绝行为,适用于那些不匹配任何允许或者ACL中拒绝ACEs规则,并走到ACL规则末端的报文。这个隐含拒绝行为的设计不需要任何配置,所有通信走到ACL规则末端可被隐含ACE应用。Cisco ASA和Cisco PIX存在安全漏洞,允许通信绕过隐含拒绝ACE。 Cisco PIX/ASA 8.1 Cisco PIX/ASA 8.0 Cisco PIX/ASA 7.2 Cisco PIX/ASA 7.1 Cisco PIX/ASA 7.0 可参考如下安全公告获得补丁信息: <a href=http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml#@ID target=_blank rel=external nofollow>http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml#@ID</a>
idSSV:5029
last seen2017-11-19
modified2009-04-10
published2009-04-10
reporterRoot
titleCisco PIX/ASA拒绝服务,ACL绕过及验证绕过漏洞