Hi Experts,
Hope all is doing well!
This time I am here for advice on the points below:
1) We are using an ASA 5525. During a recent vulnerability assessment we came to know of the observations below, and hence the team recommended an image upgrade.
The remote Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch and is therefore affected by the following vulnerabilities:
- A flaw exists in the failover ipsec feature due to not properly handling failover communication messages. An unauthenticated attacker, sending crafted UDP packets over the local network to the failover interface, can reconfigure the failover units to gain full control. (CVE-2015-0675)
- A flaw exists when handling DNS reply packets, which a man-in-the-middle attacker, by triggering outbound DNS queries and then sending crafted responses to these, can exploit to consume excessive memory, leading to a denial of service. (CVE-2015-0676)
- A flaw exists in the XML Parser configuration when handling specially crafted XML messages, which a remote, unauthenticated attacker can use to crash the WebVPN component, resulting in a denial of service condition. (CVE-2015-0677)
Currently the ASA is running with:
ASA5512#sh ver
Cisco Adaptive Security Appliance Software Version 9.2(2)4
Device Manager Version 7.2(2)1
Compiled on Tue 29-Jul-14 23:41 PDT by builders
System image file is "disk0:/asa922-4-smp-k8.bin"
Config file at boot was "startup-config"
Note: ASA 5525 (with VPN Premium license)
Could you please recommend the latest suitable image, or another solution, to fix this observation?
Rgds
***