====================================================================

                                  CERT-Renater

                     Note d'Information No. 2017/VULN022
_____________________________________________________________________

DATE                : 26/01/2017

HARDWARE PLATFORM(S): Cisco Adaptive Security Appliance CX
                         Context-Aware Security module.

OPERATING SYSTEM(S): Cisco Adaptive Security Appliance CX Context-Aware
                                 Security module software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas
____________________________________________________________________

Cisco Security Advisory: Cisco Adaptive Security Appliance CX
Context-Aware Security Denial of Service Vulnerability

Advisory ID: cisco-sa-20170125-cas

Revision 1.0

For Public Release 2017 January 25 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the data plane IP fragment handler of the Adaptive
Security Appliance (ASA) CX Context-Aware Security module could allow
an unauthenticated, remote attacker to cause the CX module to be unable
to process further traffic, resulting in a denial of service (DoS)
condition.

The vulnerability is due to improper handling of IP fragments. An
attacker could exploit this vulnerability by sending fragmented IP
traffic across the CX module. An exploit could allow the attacker to
exhaust free packet buffers in shared memory (SHM), causing the CX
module to be unable to process further traffic, resulting in a DoS
condition.

Cisco has not released and will not release software updates that
address this vulnerability. There are no workarounds that address
this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================