July 14, 2020

Critical Remote Code Execution Vulnerability on Cisco ASA Firewalls


CVE-2016-1287 should get your attention if you run any of the Cisco ASA platforms listed below. Patch immediately:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco ISA 3000 Industrial Security Appliance

Fixed releases for each software train, and the full list of affected releases, are in the Cisco advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Explanation of the Vulnerability

Cisco's advisory describes CVE-2016-1287 as follows. A vulnerability in the IKE version 1 (IKEv1) and IKE version 2 (IKEv2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to execute code remotely. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit it by sending crafted UDP packets to the affected system; a successful exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or to cause a reload.

Two practical points. IKE is carried over UDP/500 and, for NAT traversal, UDP/4500, so any ASA that terminates IKEv1 or IKEv2 (LAN-to-LAN IPsec VPN, remote-access IPsec VPN, L2TP over IPsec, or IKEv2 AnyConnect) exposes the vulnerable code on whatever interface the VPN is bound to, usually the Internet-facing one, and no credentials are needed. A device that does not terminate IKE is not exposed; the advisory's check is the command "show running-config crypto map | include interface", where a crypto map applied to any interface means IKE is in use. There is no workaround for this vulnerability; the only fix is upgrading to a fixed release.
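The advisory only says "crafted UDP packets", so it helps to see what an IKE datagram looks like and where a length-driven parser has to check before it trusts the wire. The block below is an added example, not code from the original post and not Cisco's code: a bounds-checked parser for the ISAKMP header and the generic payload chain, usable for triaging UDP/500 and UDP/4500 payloads pulled from a capture. It demonstrates the general defensive pattern (every attacker-supplied length field is validated against the bytes actually received before it is used); it does not reproduce the specific fragmentation-reassembly bug behind CVE-2016-1287, and every packet in it is constructed for illustration.

```python
"""
Added example (not from the original post or from Cisco): a minimal,
bounds-checked ISAKMP/IKE parser. All sample datagrams are constructed.
"""
import struct

IKE_HDR_LEN = 28          # initiator SPI(8) responder SPI(8) next(1) version(1)
                          # exchange(1) flags(1) message ID(4) total length(4)
GENERIC_PAYLOAD_HDR = 4   # next payload(1) reserved/critical(1) payload length(2)


class IkeParseError(ValueError):
    """Raised for any datagram whose fields are inconsistent with its size."""


def parse_ike(datagram: bytes, udp_dport: int = 500) -> dict:
    """Parse one IKE datagram; raise IkeParseError instead of trusting a bad length."""
    data = datagram
    if udp_dport == 4500:
        # NAT-T: IKE on UDP/4500 is prefixed by a 4-byte zero "non-ESP marker"
        if len(data) < 4 or data[:4] != b"\x00\x00\x00\x00":
            raise IkeParseError("udp/4500 datagram lacks non-ESP marker")
        data = data[4:]
    if len(data) < IKE_HDR_LEN:
        raise IkeParseError(f"short ISAKMP header ({len(data)} bytes)")
    ispi, rspi, next_payload, version, exch, flags, msg_id, length = struct.unpack(
        "!QQBBBBII", data[:IKE_HDR_LEN])
    major = version >> 4                     # 1 = IKEv1 (0x10), 2 = IKEv2 (0x20)
    if major not in (1, 2):
        raise IkeParseError(f"unsupported IKE major version {major}")
    if length != len(data):
        raise IkeParseError(f"header length {length} != datagram length {len(data)}")

    payloads = []
    offset = IKE_HDR_LEN
    ptype = next_payload
    while ptype != 0:                        # 0 = no next payload
        if offset + GENERIC_PAYLOAD_HDR > len(data):
            raise IkeParseError("payload header runs past end of datagram")
        nxt, _resv, plen = struct.unpack("!BBH", data[offset:offset + GENERIC_PAYLOAD_HDR])
        if plen < GENERIC_PAYLOAD_HDR:
            raise IkeParseError(f"payload type {ptype} declares length {plen} < header size")
        if offset + plen > len(data):
            # This is the check a copy loop must make BEFORE using plen as a size.
            raise IkeParseError(f"payload type {ptype} declares length {plen}, "
                                f"only {len(data) - offset} bytes remain")
        payloads.append((ptype, data[offset + GENERIC_PAYLOAD_HDR:offset + plen]))
        offset += plen
        ptype = nxt
    if offset != len(data):
        raise IkeParseError(f"{len(data) - offset} trailing bytes after last payload")
    return {"major": major, "exchange": exch, "message_id": msg_id,
            "initiator_spi": ispi, "payloads": payloads}


def triage(datagram: bytes, udp_dport: int = 500) -> str:
    """Return 'ok' or 'malformed: <reason>' so this can be mapped over a capture."""
    try:
        parse_ike(datagram, udp_dport)
        return "ok"
    except IkeParseError as e:
        return f"malformed: {e}"


def build_ike(major: int, exchange: int, payloads: list) -> bytes:
    """Build a well-formed datagram (constructed test input; SPI is arbitrary)."""
    body = b""
    for i, (ptype, pdata) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, GENERIC_PAYLOAD_HDR + len(pdata)) + pdata
    first = payloads[0][0] if payloads else 0
    hdr = struct.pack("!QQBBBBII", 0x1122334455667788, 0, first, major << 4,
                      exchange, 0, 0, IKE_HDR_LEN + len(body))
    return hdr + body


# Constructed samples: IKEv1 main mode (exchange 2) with an SA payload (type 1),
# and IKEv2 IKE_SA_INIT (exchange 34) with SA (33) and KE (34) payloads.
GOOD_V1 = build_ike(1, 2, [(1, b"\x00\x00\x00\x01" + b"\x00" * 8)])
GOOD_V2 = build_ike(2, 34, [(33, b"\x00" * 12), (34, b"\x00" * 16)])

# Crafted sample: same IKEv1 packet, but the first payload claims 65535 bytes.
# A parser that copies plen bytes without the check above would overrun its buffer.
_bad = bytearray(GOOD_V1)
struct.pack_into("!H", _bad, IKE_HDR_LEN + 2, 0xFFFF)
BAD_LEN = bytes(_bad)

if __name__ == "__main__":
    for name, pkt, port in (("v1", GOOD_V1, 500), ("v2", GOOD_V2, 500),
                            ("v2 nat-t", b"\x00" * 4 + GOOD_V2, 4500),
                            ("crafted", BAD_LEN, 500)):
        print(f"{name:9s} {triage(pkt, port)}")
```

Run over real traffic, feed each UDP/500 or UDP/4500 payload to triage(); an "ok" result only means the lengths are self-consistent, not that the packet is benign, but a "malformed" result on an Internet-facing IKE endpoint is worth a look.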