Be careful, It appears that something is broken with ARP on this release. We have no ARP on lan interface, and somebody else has a similar problem: https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/
On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif <li...@sadiqs.com> wrote: > Update your ASAs folks, this is a critical one. > > > -------- Forwarded Message -------- > Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and > IKEv2 Buffer Overflow Vulnerability > Date: Wed, 10 Feb 2016 08:06:51 -0800 > From: Cisco Systems Product Security Incident Response Team > <ps...@cisco.com> > Reply-To: ps...@cisco.com > To: cisco-...@puck.nether.net > CC: ps...@cisco.com > > Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer > Overflow Vulnerability > > Advisory ID: cisco-sa-20160210-asa-ike > > Revision 1.0 > > For Public Release 2016 February 10 16:00 GMT (UTC) > > +--------------------------------------------------------------------- > > > Summary > ======= > > A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and > IKE version 2 (v2) code of Cisco ASA Software could allow an > unauthenticated, remote attacker to cause a reload of the affected > system or to remotely execute code. > > The vulnerability is due to a buffer overflow in the affected code area. > An attacker could exploit this vulnerability by sending crafted UDP > packets to the affected system. An exploit could allow the attacker to > execute arbitrary code and obtain full control of the system or to cause > a reload of the affected system. > > Note: Only traffic directed to the affected system can be used to > exploit this vulnerability. This vulnerability affects systems > configured in routed firewall mode only and in single or multiple > context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. > > Cisco has released software updates that address this vulnerability. > This advisory is available at the following link: > > http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike > > > > _______________________________________________ > cisco-nsp mailing list cisco-...@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > >
