The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
Link | Tags |
---|---|
http://www.securityfocus.com/bid/75269 | vdb entry |
http://www.securitytracker.com/id/1032595 | vdb entry |
http://tools.cisco.com/security/center/viewAlert.x?alertId=39366 | vendor advisory |