![](https://secure.gravatar.com/avatar/4cd808d17790b175bd071938da5c9384.jpg?s=120&d=mm&r=g)
NANOG members: Hi there. This is Dario Ciccarone from the Cisco PSIRT - the Product Security Incident Response Team. This is to acknowledge we're aware of this issue, and we're working with all the appropriate parties. Indeed, it seems the culprit is Cisco bug ID CSCul36176 - which was released as part of the Cisco Security Advisory "Multiple Vulnerabilities in Cisco ASA Software ", which was published on October 8th, 2014. The full advisory is available at the following URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... As I said, the Cisco PSIRT is working with the Cisco Technical Assistance Center on this matter, and we're analyzing the available information. The advisory will be updated to reflect the fact we're seeing active exploitation of this issue. NANOG members are welcome to contact us at psirt@cisco.com if they have any additional questions or concerns, or any information relevant to this issue. Thanks, Dario On 7/8/15 12:58 PM, Mark Mayfield wrote:
Come in this morning to find one failover pair of ASA's had the primary crash and failover, then a couple hours later, the secondary crash and failover, back to the primary.
Another pair running the same code had the primary crash and fail in the same time window.
So, three crashes in 4 hours in our environment.
Open a TAC case on one of these for post-mortem analysis, and they interpreted the crash dump to point at a DOS bug first published in Oct.
The very interesting thing; on the phone the TAC engineer said this was "the 10th one of these I've dealt with this morning".
Here's the bug they reference: https://tools.cisco.com/bugsearch/bug/CSCul36176/?reffering_site=dumpcr
Anyone else have observations to add on this?
Mark Mayfield City of Roseville - AS 54371 Network Systems Engineer
2660 Civic Center Drive Roseville, MN 55113 651-792-7098 Office