
====================================================================

                                CERT-Renater

                   Note d'Information No. 2016/VULN006
_____________________________________________________________________

DATE                : 13/01/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco ASA Software versions 9.4.1 up to and
                                     including 9.5.1.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa
_____________________________________________________________________

Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability

Medium

Advisory ID:

cisco-sa-20160111-asa

Published:

2016 January 11 00:00 GMT

Version 1.0:

Final

CVSS Score:

Base - 3.5

Workarounds:

No workarounds available

Cisco Bug IDs:

CSCuu67782

CVE-2015-6423

CWE-20

Summary

A vulnerability in the Distributed Computing Environment/Remote
Procedure Calls (DCERPC) Inspection feature of the Cisco Adaptive
Security Appliance (ASA) could allow an authenticated, remote attacker
to send traffic that is not DCERPC between hosts configured only for
DCERPC inspection. The DCERPC traffic should be allowed only on TCP
port 135.

The vulnerability is due to an internal access control list (ACL),
which is used to allow DCERPC traffic but is incorrectly programmed to
allow all traffic types and not restricted to DCERPC TCP port 135. An
attacker could exploit this vulnerability by sending non-DCERPC traffic
between hosts configured for DCERPC inspection that would normally be
dropped. An exploit could allow the attacker to access hosts that
should normally be restricted through the ASA.

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa


Affected Products

Vulnerable Products

Cisco ASA Software releases 9.4.1 up to 9.5.1 are vulnerable.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this

vulnerability.


Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

When considering software upgrades, customers are advised to consult
the Cisco Security Advisories and Responses archive at
http://www.cisco.com/go/psirt and review subsequent advisories to
determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to upgrade
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their contracted
maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware
of any public announcements or malicious use of the vulnerability that
is described in this advisory.

URL

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa

Revision History

Version	Description 		Section	Status	Date

1.0 	Initial public release 	-	Final	2016-January-11

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT
YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits
the distribution URL is an uncontrolled copy and may lack important
information or contain factual errors. The information in this document
is intended for end users of Cisco products.

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================