Versions 8.7.1 and 18.104.22.168 of Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall are affected by this vulnerability if H.323 inspection is enabled. H.323 Inspection for both H.225 and Registration, Admission and Status (RAS) messages is enabled by default.
The vulnerability exists only if H.323 inspection for H.225 messages is enabled. H.323 inspection for RAS messages has no effect on this vulnerability.
To determine whether H.323 H.225 inspection is enabled, issue the show service-policy inspect h323 h225
command and verify that a class map is configured with the H.225 inspection engine. If H.323 inspection for H.225 messages is configured, the relevant H.323 output will appear under the referenced class map.
Example output follows:
ASA1000v# show service-policy inspect h323 h225
Inspect: h323 h225 _default_h323_map, packet 0, lock fail 0, drop 0, reset-drop 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
h245-tunnel-block drops 0 connection
: The preceding output identifies a policy map with a class map that has H.323 inspection for H.225 messages applied.
Alternatively, a device that has H.323 inspection for H.225 messages enabled has a configuration similar to the following:
inspect h323 h225
service-policy global_policy global
: Global application is shown in the preceding example, but the service policy could also be applied to a specific interface
Customers who use Cisco Adaptive Security Device Manager (ASDM) to manage devices can check the Service Policy
section under the global or interface specific policies to determine whether the inspection is enabled.
Customers who use Cisco Virtual Network Management Center (VNMC) to manage multiple devices can locate the Packet Inspection
section under Policy Management > Security Policies > Root > Tenant > Data Center > Policies
to determine whether the inspection is enabled.
To determine the version of Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall that is running, issue the show version
command from the Cisco ASA 1000V command line.
The following example shows a system that is running an affected software version (8.7.1):
ASA1000v(config)# show version
Cisco Adaptive Security Appliance Software Version 8.7(1)
Device Manager Version 6.3(5)
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to manage their devices can find the version of the software displayed in the table in the login window or in the upper left corner of the ASDM window.
Alternatively, version information can be obtained from the Summary tab of the Cisco ASA 1000V Cloud Firewall resource in the VMware vCenter Server.
With the exception of Cisco ASA 1000V Cloud Firewall, no other Cisco products are currently known to be affected by this vulnerability.