CVE-2017-6608 : Security Advisory and Response

A vulnerability has been discovered in the code of Cisco ASA Software's Secure Sockets Layer (SSL) and Transport Layer Security (TLS) that could allow an attacker to remotely cause the affected system to reload.

Understanding CVE-2017-6608

This CVE involves a vulnerability in Cisco ASA Software that affects various Cisco products and versions.

What is CVE-2017-6608?

The vulnerability in Cisco ASA Software's SSL and TLS code allows an unauthenticated attacker to trigger a system reload by sending specially crafted packets.

The Impact of CVE-2017-6608

Attackers without authentication can remotely reload affected systems by exploiting SSL/TLS vulnerabilities.
The flaw arises from the incorrect interpretation of manipulated SSL or TLS packets.
Only traffic directed towards the affected system can be used to exploit this vulnerability.
Systems in different firewall modes and using IPv4 or IPv6 traffic are susceptible.

Technical Details of CVE-2017-6608

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

Improper parsing of SSL/TLS packets leads to system reload upon receiving manipulated packets.

Affected Systems and Versions

Cisco ASA Software versions impacted include Cisco ASA 1000V Cloud Firewall, ASA 5500 Series, ASA 5500-X Series, and more.

Exploitation Mechanism

Attackers exploit the vulnerability by sending crafted packets to the affected system.

Mitigation and Prevention

Steps to address and prevent the CVE-2017-6608 vulnerability.

Immediate Steps to Take

Update affected systems to fixed versions: 8.4(7.31), 9.0(4.39), 9.1(7), 9.2(4.6), 9.3(3.8), 9.4(2), 9.5(2).

Long-Term Security Practices

Regularly monitor and update SSL/TLS configurations.
Implement network segmentation to limit the impact of potential attacks.
Conduct regular security audits and penetration testing.

Patching and Updates

Apply patches provided by Cisco to address the vulnerability and enhance system security.