CVE-2015-0675
Cisco ASA 9.1-9.3 Remote Reconfiguration via Failover IPSec UDP Packets
Title source: llmDescription
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032045
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
Scores
EPSS
0.0097
EPSS Percentile
57.4%
Details
CWE
CWE-284
Status
published
Products (23)
cisco/adaptive_security_appliance_software
9.1.1
cisco/adaptive_security_appliance_software
9.1.1.4
cisco/adaptive_security_appliance_software
9.1.2
cisco/adaptive_security_appliance_software
9.1.2.8
cisco/adaptive_security_appliance_software
9.1.3
cisco/adaptive_security_appliance_software
9.1.3.2
cisco/adaptive_security_appliance_software
9.1.4
cisco/adaptive_security_appliance_software
9.1.4.5
cisco/adaptive_security_appliance_software
9.1.5
cisco/adaptive_security_appliance_software
9.1.5.10
... and 13 more
Published
Apr 13, 2015
Tracked Since
Feb 18, 2026