Cisco released a Security Advisory about a Critical Bug in Cisco ASA Software. The vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected system. Any Cisco ASA firewalls that are running the following technology will be affected by this vulnerability:
– Site-to-Site IPsec VPN Tunnel
– Remote access VPN using the IPsec VPN Client
– Remote access VPN using Anyconnect VPN Client
Cisco has recommended to upgrade firmware to address the vulnerability. Please follow the table below for the recommended firmware release. To find out which firmware your Cisco ASA Firewall is on, login to the firewall, then go to enable mode, and execute “show version” command. The command will display the version of your current firmware.
Cisco ASA Major Release First Fixed Release
7.21 Affected; migrate to 9.1(6.11) or later
8.01 Affected; migrate to 9.1(6.11) or later
8.11 Affected; migrate to 9.1(6.11) or later
8.21 8.2(5.59)2
8.31 Affected; migrate to 9.1(6.11) or later
8.4 8.4(7.30) or later
8.51 Not affected
8.61 Affected; migrate to 9.1(6.11) or later
8.7 8.7(1.18) or later
9.0 9.0(4.38) or later
9.1 9.1(6.11) or later
9.2 9.2(4.5) or later
9.3 9.3(3.7) or later
9.4 9.4(2.4) or later
9.5 9.5(2.2) or later
You can find out more details about the bug and upgrade instructions from Cisco here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Please reach out to the Zumasys Tech Support team if you need assistance on performing firmware upgrades to your Cisco ASA Firewall.