CISCO : Cisco ASA DHCPv6 Relay DoS Vulnerability (cisco-sa-20151021-asa-dhcp1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.106050

Category: CISCO

Title: Cisco ASA DHCPv6 Relay DoS Vulnerability (cisco-sa-20151021-asa-dhcp1)

Summary: A vulnerability in the DHCPv6 relay feature of Cisco ASA may; lead to a denial of service.

Description: Summary:
A vulnerability in the DHCPv6 relay feature of Cisco ASA may
lead to a denial of service.

Vulnerability Insight:
A vulnerability in the DHCPv6 relay feature of Cisco ASA
software could allow an unauthenticated, remote attacker to cause an affected device to reload.
The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is
affected by this vulnerability only if the software is configured with the DHCPv6 relay feature.
An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected
device.

Vulnerability Impact:
An unauthenticated, remote attacker could cause a device reload
leading to a denial of service condition.

Affected Software/OS:
Version 9.0, 9.1, 9.2, 9.3 and 9.4 on Cisco ASA 5500 Series
Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA
Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco ASA
1000V Cloud Firewall and Cisco Adaptive Security Virtual Appliance (ASAv).

Solution:
Apply the appropriate updates from Cisco. As a workaround
disable the DHCPv6 relay feature.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-6324
Cisco Security Advisory: 20151021 Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1
http://www.securitytracker.com/id/1033912

Copyright Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106050
Category:	CISCO
Title:	Cisco ASA DHCPv6 Relay DoS Vulnerability (cisco-sa-20151021-asa-dhcp1)
Summary:	A vulnerability in the DHCPv6 relay feature of Cisco ASA may; lead to a denial of service.
Description:	Summary: A vulnerability in the DHCPv6 relay feature of Cisco ASA may lead to a denial of service. Vulnerability Insight: A vulnerability in the DHCPv6 relay feature of Cisco ASA software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device. Vulnerability Impact: An unauthenticated, remote attacker could cause a device reload leading to a denial of service condition. Affected Software/OS: Version 9.0, 9.1, 9.2, 9.3 and 9.4 on Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco ASA 1000V Cloud Firewall and Cisco Adaptive Security Virtual Appliance (ASAv). Solution: Apply the appropriate updates from Cisco. As a workaround disable the DHCPv6 relay feature. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6324 Cisco Security Advisory: 20151021 Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1 http://www.securitytracker.com/id/1033912
Copyright	Copyright (C) 2015 Greenbone Networks GmbH