Details of VAR-200702-0347

ID

VAR-200702-0347

CVE

CVE-2007-0967

TITLE

Cisco Firewall Services Module vulnerable to DoS via inspection of malformed SIP messages

Trust: 0.8

sources: CERT/CC: VU#430969

DESCRIPTION

Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests. Cisco Firewall Services Module fails to properly inspect SIP messages. This vulnerability may allow a remote attacker to cause a denial of service condition. Multiple Cisco products are prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause vulnerable devices to reload, potentially causing denial-of-service conditions. This vulnerability is documented in Cisco Bug ID as CSCse52679. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. 1) An unspecified error within the enhanced inspection of HTTP traffic can be exploited to cause the device to reload via specially crafted HTTP traffic. Successful exploitation requires that enhanced inspection is enabled. 2) An error within the inspection of SIP packets can be exploited to cause the device to reload via specially crafted SIP packets. Successful exploitation requires that SIP inspection is enabled. 3) An unspecified error when processing malformed HTTPS requests can be exploited to cause the device to reload by sending specially crafted HTTPS requests. Successful exploitation requires that "authentication for network access" (auth-proxy) is enabled. 4) An error when processing HTTP requests with a very long URL can be exploited to cause the device to reload, but requires that "authentication for network access" (auth-proxy) is enabled. 5) An unspecified error exists when processing HTTPS traffic that is directed to the FWSM. This can be exploited to cause the device to reload by sending specially crafted HTTPS requests, but requires that the HTTPS server is enabled. Successful exploitation requires that the other, trusted device has explicit SNMP poll access. 7) A security issue when manipulating ACLs (Access Control Lists) that make use of object groups can corrupt ACLs, resulting in ACEs (Access Control Entries) being skipped or not evaluated in order, which can be exploited to bypass certain security restrictions. Note: Only an administrative user can change ACLs. Additionally, this does not affected devices which are reloaded after ACLs have been manipulated. A vulnerability that could cause the device to reload when "debugging" is enabled has also been reported. SOLUTION: Apply updated software. Please see vendor advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-0967 // CERT/CC: VU#430969 // JVNDB: JVNDB-2007-001576 // BID: 22561 // VULHUB: VHN-24329 // PACKETSTORM: 54444

AFFECTED PRODUCTS

vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.1)	Trust: 1.1
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firewall services module	scope:	lt	version:	3.x	Trust: 0.8
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0.4.3	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0.1.4	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0(5)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3.5(112)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3.3(133)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3.2	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3(5)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3(3.109)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3(3.102)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3(3)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3(1)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.24)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(1.9)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(1.7)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.3)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.2)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.18)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	3.1(3.11)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3(4.7)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3(4)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.2(2.10)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.1(2.5)	Trust: 0.3
vendor:	cisco	model:	pix/asa	scope:	ne	version:	7.0(5.2)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	ne	version:	6.3(5.115)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	ne	version:	3.1(4)	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	ne	version:	2.3(4.12)	Trust: 0.3

sources: CERT/CC: VU#430969 // BID: 22561 // JVNDB: JVNDB-2007-001576 // CNNVD: CNNVD-200702-334 // NVD: CVE-2007-0967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0967
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#430969
value:	12.60
Trust: 0.8
NVD:	CVE-2007-0967
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200702-334
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24329
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0967
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24329
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#430969 // VULHUB: VHN-24329 // JVNDB: JVNDB-2007-001576 // CNNVD: CNNVD-200702-334 // NVD: CVE-2007-0967

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-334

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200702-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001576

PATCH

title:

cisco-sa-20070214-fwsm

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20070214-fwsm.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001576

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0967	Trust: 2.8
db:	BID	id:	22561	Trust: 2.0
db:	SECUNIA	id:	24172	Trust: 1.8
db:	VUPEN	id:	ADV-2007-0609	Trust: 1.7
db:	CERT/CC	id:	VU#430969	Trust: 1.1
db:	SECTRACK	id:	1017650	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-001576	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-334	Trust: 0.7
db:	CISCO	id:	20070214 MULTIPLE VULNERABILITIES IN FIREWALL SERVICES MODULE	Trust: 0.6
db:	XF	id:	32515	Trust: 0.6
db:	VULHUB	id:	VHN-24329	Trust: 0.1
db:	PACKETSTORM	id:	54444	Trust: 0.1

sources: CERT/CC: VU#430969 // VULHUB: VHN-24329 // BID: 22561 // JVNDB: JVNDB-2007-001576 // PACKETSTORM: 54444 // CNNVD: CNNVD-200702-334 // NVD: CVE-2007-0967

REFERENCES

url:	http://www.securityfocus.com/bid/22561	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00807e2481.shtml	Trust: 1.7
url:	http://secunia.com/advisories/24172	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml	Trust: 1.2
url:	http://www.vupen.com/english/advisories/2007/0609	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32515	Trust: 1.1
url:	http://securitytracker.com/alerts/2007/feb/1017650.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0967	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0967	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0609	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/32515	Trust: 0.6
url:	http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/430969	Trust: 0.3
url:	/archive/1/460079	Trust: 0.3
url:	/archive/1/460080	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/8614/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/24172/	Trust: 0.1

sources: CERT/CC: VU#430969 // VULHUB: VHN-24329 // BID: 22561 // JVNDB: JVNDB-2007-001576 // PACKETSTORM: 54444 // CNNVD: CNNVD-200702-334 // NVD: CVE-2007-0967

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200702-334

SOURCES

db:	CERT/CC	id:	VU#430969
db:	VULHUB	id:	VHN-24329
db:	BID	id:	22561
db:	JVNDB	id:	JVNDB-2007-001576
db:	PACKETSTORM	id:	54444
db:	CNNVD	id:	CNNVD-200702-334
db:	NVD	id:	CVE-2007-0967

LAST UPDATE DATE

2025-04-10T22:57:47.958000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#430969	date:	2007-02-22T00:00:00
db:	VULHUB	id:	VHN-24329	date:	2017-07-29T00:00:00
db:	BID	id:	22561	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-001576	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-334	date:	2007-02-19T00:00:00
db:	NVD	id:	CVE-2007-0967	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#430969	date:	2007-02-16T00:00:00
db:	VULHUB	id:	VHN-24329	date:	2007-02-16T00:00:00
db:	BID	id:	22561	date:	2007-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2007-001576	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	54444	date:	2007-02-16T06:49:41
db:	CNNVD	id:	CNNVD-200702-334	date:	2007-02-15T00:00:00
db:	NVD	id:	CVE-2007-0967	date:	2007-02-16T00:28:00