Reported December 15, 2003 by Cisco.

 

 

VERSIONS AFFECTED

 

All Cisco PIX Firewall devices that run the following software versions:

 

  • CSCeb20276 (SNMPv3) 6.3.1; 6.2.2 and earlier; 6.1.4 and earlier; 5.x.x and earlier.

  • CSCec20244/CSCea28896 (VPNC) 6.2.3 and earlier (excluding versions 6.1.x and 5.x.x)

 

DESCRIPTION

 

Two vulnerabilities in Cisco PIX Firewall devices can result in a Denial of Service (DoS) condition on the vulnerable system. These two vulnerabilities are as follows:

 

  • The Cisco PIX firewall crashes and reloads while processing a received SNMPv3 message when snmp-server host <ip_addr> is configured on the Cisco PIX firewall. This happens even though the Cisco PIX firewall doesn't support SNMPv3.

 

  • Under certain conditions, an established VPNC IPSec tunnel connection drops if another IPSec client attempts to initiate an IKE Phase I negotiation to the outside interface of the VPN Client-configured Cisco PIX Firewall.
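
The following Python check is an added example, not part of Cisco's bulletin: it applies the version list and the snmp-server host condition described above to a device's version string and configuration text. Assumptions: "and earlier" is read per release train for CSCeb20276 (trains the page does not name are reported as not listed), the VPNC range is read literally, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname pixfirewall
snmp-server host inside 192.0.2.10
snmp-server community example
"""

def parse_version(text):
    """Accept '6.3.1' or '6.3(1)'; return (major, minor, maintenance)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:[.(](\d+)\)?)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def snmpv3_listed(v):
    """CSCeb20276: 6.3.1; 6.2.2 and earlier; 6.1.4 and earlier; 5.x.x and earlier."""
    major, minor, maint = v
    if major <= 5:
        return True
    if (major, minor) == (6, 1):
        return maint <= 4
    if (major, minor) == (6, 2):
        return maint <= 2
    return v == (6, 3, 1)  # trains the page does not name fall through to False

def vpnc_listed(v):
    """CSCec20244/CSCea28896: 6.2.3 and earlier, excluding 6.1.x and 5.x.x."""
    major, minor, _ = v
    if major == 5 or (major, minor) == (6, 1):
        return False
    return v <= (6, 2, 3)

def assess(version_text, config_text):
    """Return, per bug ID, whether the page's stated conditions are met."""
    v = parse_version(version_text)
    # The SNMPv3 crash needs an 'snmp-server host' line; 'no snmp-server host' does not match.
    has_host = any(re.match(r"\s*snmp-server host\s+\S", line)
                   for line in config_text.splitlines())
    return {
        "CSCeb20276": snmpv3_listed(v) and has_host,
        # Version check only: the tunnel-drop conditions are not detailed on the page.
        "CSCec20244/CSCea28896": vpnc_listed(v),
    }

if __name__ == "__main__":
    for ver in ("6.3(1)", "6.2.3", "6.3.3"):
        print(ver, assess(ver, SAMPLE_CONFIG))
```

A False result means only that the version or configuration does not match what this page lists; confirm against Cisco's bulletin before treating a device as unaffected.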

 

VENDOR RESPONSE

 

Cisco has released a security bulletin concerning these vulnerabilities and recommends that affected customers obtain the patch available through normal support channels.

 

CREDIT

 

Discovered by Cisco.