topic +1 for upgrade recommendation in Network Security

Bug Search CSCva38556

zen-tek.tan — Tue, 12 Mar 2019 08:37:18 GMT

Cisco ASA Input Validation File Injection Vulnerability

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva38556

Below is my device details:

This platform has an ASA5585-SSP-20 VPN Premium license.
Serial Number: JAD173301HM

Cisco Adaptive Security Appliance Software Version 8.2(5)49 <context>
Device Manager Version 7.1(2)

How do I check if my ASA is expose to this bug?

It looks like this bug is

nspasov — Tue, 06 Dec 2016 18:08:24 GMT

It looks like this bug is listed to only affect 9.1(6.10), however, you are running a pretty old version of code that has tons of other vulnerabilities. There is a 8.2(5)59 interim update that you should consider moving to.

With that being said, it is a good idea to reach out to TAC and confirm 100% that your device and version of code is not affected by this specific defect.

I hope this helps!

Thank you for rating helpful posts!

+1 for upgrade recommendation

Oliver Kaiser — Tue, 06 Dec 2016 21:47:33 GMT

+1 for upgrade recommendation. Still running 8.2.x in 2016 is not a good idea.

Update:

lewislampkin — Thu, 15 Dec 2016 14:17:44 GMT

Update:

You ask an excellent question, but the confusion is well apparent, as seen in another thread:

https://supportforums.cisco.com/discussion/13169031/cscva38556-cve-id-cve-2016-6461-known-fixed-releases

With that said, 9.5(3)6 was released on the 13th of December, it contains the fix for Bug CSCva38556, for the -x series models of the ASA:

http://www.cisco.com/web/software/280775065/135839/ASA-953-Interim-Release-Notes.html

(So, like others, I am confused why this version wasn't listed as "affected" by the bug, if it is going to receive the "fix" for the bug. )

I re-check the bug to be sure, on 12/15/2016 (today), and it only lists 9.1(6)10 as a known affected release. (if so, then why is 9.5(3) receiving a "fix"?)

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva38556

Update: 9.17(12) was released

lewislampkin — Tue, 27 Dec 2016 13:02:48 GMT

Update: 9.17(12) was released on 12/21/2016.

It resolves the issue for the X-series as well as the older series devices.

Revision: Version 9.1(7)12 – 12/21/2016

Files: asa917-12-smp-k8.bin, asa917-12-k8.bin

Defects resolved since 9.1(7)11:

CSCva38556

Cisco ASA Input Validation File Injection Vulnerability

http://www.cisco.com/web/software/280775065/131523/ASA-917-Interim-Relea...

Description:	Cisco Adaptive Security Appliance Software for the ASA 5505, 5510, 5520, 5540, and ASA5550. Please read the Release Note prior to downloading this release.
Release:	9.1.7 Interim
Release Date:	21/Dec/2016
File Name:	asa917-12-k8.bin
Size:	26.42 MB (27703296 bytes)
MD5 Checksum:	83cb9af376e5016fbcf8023c5c867335
SHA512 Checksum:	50b892a4ae28d9c099c67210d4e5d0ff1dc1ee7534c7853111dcb3ee20d3c5f317d29097edf6b4d36139226738009b0760d6c391a182fb8bd4ca20010e9b1ad3

Description:	Cisco Adaptive Security Appliance Software for the ASA 5512-x, 5515-x, 5525-x, 5545-x, 5555-x, 5580, 5585-x, and ASASM. Please read the Release Note prior to downloading this release.
Release:	9.1.7 Interim
Release Date:	21/Dec/2016
File Name:	asa917-12-smp-k8.bin
Size:	36.84 MB (38633472 bytes)
MD5 Checksum:	aa279845c795d9ec728577405f44a744
SHA512 Checksum:	ed1bf84e8b7df2383c61a86e184aaa741b18a901895e794902d0eb770acf0f7d7187309d18955f3a243c1d572867308481f79b966579e713f52ff1381450707f

Cheers 😕