• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities

Severity: MODERATE

Description:

Cisco Firewall Services Module (FWSM) is an integrated firewall module for some models of Cisco networking equipment.

The FWSM is prone to three distinct vulnerabilities:

1. Specially crafted HTTP requests may cause the FWSM to reload if the HTTPS server is enabled. The HTTPS server is not enabled by default. The HTTP request must come from within the same network subnet configured for the device. Additional information is documented in Cisco bug ID CSCsi77844. The issue affects versions prior to FWSM 3.1(5) and 3.2(1). FWSM 2.3.x is not affected.

2. Specially crafted MGCP (Media Gateway Control Protocol) packets may cause the FWSM to reload if the MGCP application layer protocol-inspection feature is enabled, which is not enabled by default. Packets transmitted via UDP port 2427 may trigger this issue. Additional information is documented in Cisco bug ID CSCsi00694. The vulnerability FWSM 3.1(5) and prior versions. FWSM 2.3.x and 3.2.x are not affected.

Successful repeated exploits of these reload issues may result in denial-of-service conditions.

3. Manipulating entries in the Access Control List (ACL) may cause them to not be evaluated. Deleting and readding entries through the command line or ASDM (Adaptive Security Device Manager) may corrupt the ACL, resulting in unexpected network traffic. Additional information is documented in Cisco bug ID CSCsj52536. The issue affects FWSM 3.1(6) and prior versions and 3.2(2) and prior versions. FWSM 2.3.x is not affected.

Affected Products:

• Cisco FWSM 3.1
• Cisco FWSM 3.1 (3.1)
• Cisco FWSM 3.1 (3.11)
• Cisco FWSM 3.1 (3.18)
• Cisco FWSM 3.1 (3.2)
• Cisco FWSM 3.1 (3.3)
• Cisco FWSM 3.1(1.7)
• Cisco FWSM 3.1(1.9)
• Cisco FWSM 3.1(3.24)
• Cisco FWSM 3.1(4)
• Cisco FWSM 3.1(6)
• Cisco FWSM 3.2 (2)

References:

• Cisco: Cisco Homepage
• Cisco: Cisco Security Advisory cisco-sa-20071017-fwsm

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.