Beginner

ASA 5520 9.1(7)23 and Bug CSCvp36425

Good evening everyone.

The bug I referenced above is a high severity and I happen to have an old end of life ASA 5520 that shows on the "Products confirmed not vulnerable" list. My general concern is that I ran the "show asp table socket | i SSL|DTLS" command and got a similar output showing that it could be vulnerable.

Just wanted to get someone else's opinion on it. Again this ASA is end of life and it's being decommissioned once we migrate everything that it's doing off to the new firewall. Appreciate any info.

# sh ver

Cisco Adaptive Security Appliance Software Version 9.1(7)23 

Device Manager Version 7.9(1)

# sh asp table socket | include SSL|DTLS

SSL       001c9728  LISTEN     1**.1**.1**.1**:443                           0.0.0.0:*                                    

SSL       001cfe48  LISTEN     1**.1**.2**.2**:443                             0.0.0.0:*                                    

DTLS      001d0308  LISTEN     1**.1**.1**.1**:443                           0.0.0.0:*                                    

1 REPLY
Hall of Fame Master

Re: ASA 5520 9.1(7)23 and Bug CSCvp36425

Your ASA 5520 is not vulnerable to this bug.

As noted in the Security Advisory, "This vulnerability applies only to the ASA hardware platforms that use a specific cryptographic driver for SSL and TLS packet decryption and encryption."

The vulnerable products (ASA 5506, 5508 and 5516 series) all have a common cryptographic driver due to their use of a chipset (Cavium Octeon III 7130) unique to that hardware.

Ironically that chipset is intended to make the hardware platforms MORE secure. That is coincidentally why they all use the unique images with the "lfbff" string in the image name indicating digitally signed and verified images.
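The thread above makes a triage point worth encoding: the OP's "show asp table socket | include SSL|DTLS" output only shows that SSL/DTLS listeners exist (the box is reachable over TLS), while the reply explains that applicability of the bug is decided by the hardware platform and its cryptographic driver. The script below is an added example, not code from the thread, the advisory or Cisco. It parses socket-table rows in the column layout shown in the OP's paste, counts listening SSL/DTLS sockets as an exposure indicator, and checks the device model against the platform list the reply gives (ASA 5506, 5508 and 5516). The model-prefix matching, the constructed sample table (with documentation-range addresses in place of the OP's masked ones) and the verdict wording are assumptions of this example; the affected-platform list should be confirmed against the advisory's current "affected products" section.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Hardware platforms the reply in this thread names as sharing the affected
# cryptographic driver. Assumption: taken from the reply, not from the advisory
# text itself; confirm against the advisory's current affected-products list.
AFFECTED_MODEL_PREFIXES = ("ASA5506", "ASA5508", "ASA5516")

# One row of "show asp table socket", in the column order seen in the OP's paste:
# protocol, socket id, state, local address:port, foreign address:port.
_SOCKET_ROW = re.compile(
    r"^(?P<proto>[A-Z]+)\s+(?P<sid>[0-9a-fA-F]+)\s+(?P<state>\S+)\s+"
    r"(?P<local>\S+)\s+(?P<foreign>\S+)"
)

# Constructed sample output (not the OP's real table): same layout, with
# RFC 5737 documentation addresses instead of the masked ones in the post.
SAMPLE_SOCKET_TABLE = """\
Protocol  Socket    State      Local Address                  Foreign Address
TCP       001a1b2c  LISTEN     192.0.2.1:22                   0.0.0.0:*
SSL       001c9728  LISTEN     192.0.2.1:443                  0.0.0.0:*
SSL       001cfe48  LISTEN     198.51.100.2:443               0.0.0.0:*
DTLS      001d0308  LISTEN     192.0.2.1:443                  0.0.0.0:*
"""


@dataclass
class SocketRow:
    proto: str
    sid: str
    state: str
    local: str
    foreign: str


def parse_asp_sockets(text: str) -> List[SocketRow]:
    """Parse socket-table rows; header, blank and unrecognised lines are skipped."""
    rows: List[SocketRow] = []
    for line in text.splitlines():
        match = _SOCKET_ROW.match(line.strip())
        if match:
            rows.append(SocketRow(**match.groupdict()))
    return rows


def listening_tls_sockets(rows: List[SocketRow]) -> List[SocketRow]:
    """SSL/DTLS sockets in LISTEN state: the exposure indicator the OP grepped for."""
    return [r for r in rows if r.proto in ("SSL", "DTLS") and r.state == "LISTEN"]


def platform_is_affected(model: str) -> bool:
    """Model-prefix check. Assumption: models are compared case-insensitively
    with spaces removed, so 'ASA 5516-X' and 'asa5516' both match 'ASA5516'."""
    normalized = model.upper().replace(" ", "")
    return normalized.startswith(AFFECTED_MODEL_PREFIXES)


def triage(model: str, socket_table: str) -> Dict[str, object]:
    """Combine the platform check (decides applicability) with the socket
    check (decides current exposure) into one verdict."""
    listeners = listening_tls_sockets(parse_asp_sockets(socket_table))
    affected = platform_is_affected(model)
    if not affected:
        verdict = "not affected: platform is not in the affected-hardware list"
    elif listeners:
        verdict = "affected platform with SSL/DTLS listeners: exposed, upgrade first"
    else:
        verdict = "affected platform, no SSL/DTLS listener: not reachable now, still upgrade"
    return {
        "model": model,
        "platform_affected": affected,
        "tls_listeners": len(listeners),
        "verdict": verdict,
    }


if __name__ == "__main__":
    # The OP's case: three listeners, but a platform outside the affected list.
    for model in ("ASA5520", "ASA5516-X"):
        result = triage(model, SAMPLE_SOCKET_TABLE)
        print(f"{result['model']}: listeners={result['tls_listeners']} -> {result['verdict']}")
```

Run it as-is to see the OP's situation (ASA5520, three listeners, not affected) next to an affected platform with the same socket table; in practice, feed it the model from "show version" and the unfiltered "show asp table socket" output, since the parser ignores the non-SSL rows itself.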