Cisco Adaptive Security Appliance Denial Of Service Vulnerabilities
27 Nov. 2015
The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload)
A vulnerability was found in Cisco ASA 1000V/5000 and classified as problematic. This issue affects an unknown function of the component DHCPv6 Packet Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Impacted is availability.The weakness was shared 10/21/2015 as cisco-sa-20151021-asa-dhcp1 as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. The identification of this vulnerability is CVE-2015-6324 since 08/17/2015. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available.