https://community.cisco.com/t5/network-security/asa-5525-image-upgradation/m-p/2746952#M178077 <P>Hello</P><P>Please refer to Cisco advisory</P><P>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa</P><P>The one with the fix for this issue would be 9.2(3.4) or later&nbsp;</P><P>In which the recommend one to run to fix all this issues would be 9.2(4)&nbsp;</P><P>Regards,</P><P>Rodrigo</P> Mon, 12 Oct 2015 04:31:29 GMT rodrigog 2015-10-12T04:31:29Z https://community.cisco.com/t5/network-security/asa-5525-image-upgradation/m-p/2746951#M178076 <P>Hi Experts,</P><P>Hope all is doing good.!</P><P>This time here for advice on&nbsp;below points -</P><P>&nbsp;</P><P>1) We are using ASA 5525 , Recently during vulnerability assessment came to know with below observations and hence team recommended for Image upgradation.</P><P>&nbsp;</P><P>The remote Cisco Adaptive Security Appliance (ASA) is missing a<BR />vendor-supplied security patch and is therefore affected by the<BR />following vulnerabilities :</P><P>&nbsp; - A flaw exists in the failover ipsec feature due to not<BR />&nbsp;&nbsp;&nbsp; properly handling failover communication messages. An<BR />&nbsp;&nbsp;&nbsp; unauthenticated attacker, sending crafted UDP packets<BR />&nbsp;&nbsp;&nbsp; over the local network to the failover interface, can<BR />&nbsp;&nbsp;&nbsp; reconfigure the failover units to gain full control.<BR />&nbsp;&nbsp;&nbsp; (CVE-2015-0675)</P><P>&nbsp; - A flaw exists when handling DNS reply packets, which a<BR />&nbsp;&nbsp;&nbsp; man-in-the-middle attacker, by triggering outbound DNS<BR />&nbsp;&nbsp;&nbsp; queries and then sending crafted responses to these, can<BR />&nbsp;&nbsp;&nbsp; exploit to consume excessive memory, leading to a denial<BR />&nbsp;&nbsp;&nbsp; of service. (CVE-2015-0676)</P><P>&nbsp; - A flaw exists in the XML Parser configuration when<BR />&nbsp;&nbsp;&nbsp; handling specially crafted XML messages, which a remote,<BR />&nbsp;&nbsp;&nbsp; unauthenticated attacker can use to crash the WebVPN<BR />&nbsp;&nbsp;&nbsp; component, resulting in a denial of service condition.<BR />&nbsp;&nbsp;&nbsp; (CVE-2015-0677)</P><P>Currently ASA is running with :-</P><P>&nbsp;</P><P>&nbsp;ASA5512#sh ver</P><P>Cisco Adaptive Security Appliance Software Version 9.2(2)4<BR />Device Manager Version 7.2(2)1</P><P>Compiled on Tue 29-Jul-14 23:41 PDT by builders<BR />System image file is "disk0:/asa922-4-smp-k8.bin"<BR />Config file at boot was "startup-config"</P><P>&nbsp;</P><P>NOte:- ASA 5525 (with VPN premium License)</P><P>&nbsp;</P><P>Could you pls recommend the latest and suitable image or solution to fix this observation.</P><P>&nbsp;</P><P>Rgds</P><P>***</P><P>&nbsp;</P> Tue, 12 Mar 2019 06:43:31 GMT https://community.cisco.com/t5/network-security/asa-5525-image-upgradation/m-p/2746951#M178076 netbeginner 2019-03-12T06:43:31Z https://community.cisco.com/t5/network-security/asa-5525-image-upgradation/m-p/2746952#M178077 <P>Hello</P><P>Please refer to Cisco advisory</P><P>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa</P><P>The one with the fix for this issue would be 9.2(3.4) or later&nbsp;</P><P>In which the recommend one to run to fix all this issues would be 9.2(4)&nbsp;</P><P>Regards,</P><P>Rodrigo</P> Mon, 12 Oct 2015 04:31:29 GMT https://community.cisco.com/t5/network-security/asa-5525-image-upgradation/m-p/2746952#M178077 rodrigog 2015-10-12T04:31:29Z