Multiple vulnerabilities exist in the Cisco Adaptive Security Appliance
(ASA) and PIX security appliances. These vulnerabilities include two
Lightweight Directory Access Protocol (LDAP) authentication bypass
vulnerabilities and two denial of service (DoS) vulnerabilities.
The Lightweight Directory Access Protocol (LDAP) authentication bypass
vulnerabilities are caused by a specific processing path followed when the
device is set up to use a Lightweight Directory Access Protocol (LDAP)
authentication server. These vulnerabilities may allow unauthenticated users to
access either the internal network or the device itself.
The two DoS vulnerabilities may be triggered when devices are
terminating Virtual Private Networks (VPN). These denial of service
vulnerabilities may allow an attacker to disconnect VPN users, prevent new
connections, or prevent the device from transmitting traffic.
These vulnerabilities are distributed in the authentication, IPSec VPN,
and SSL VPN code. They are categorized in this advisory by their Cisco bug
LDAP Authentication Bypass
Denial of Service in VPNs with Password Expiry
Denial of Service in SSL VPNs
Cisco has made free software available to address these vulnerabilities
for affected customers.
This advisory is posted at