[OmniOS-discuss] Interesting Nessus Scan Result

Software Information softwareinforjam at gmail.com
Thu Apr 20 03:14:55 UTC 2017


Hi All
I have my OmniOS box up and running with the latest patches and I ran
Nessus against it to see what it would find. It showed two high
vulnerabilities. One for RIP but disabling the routing daemon solved that
one. I am stuck on the second one.

Nessus reports "Cisco ASA Software CLI Invalid Command Invocation
(cisco-sa-20160817-asa-cli) (EPICBANANA)"

Description
The Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied
security patch. It is, therefore, affected by a flaw in the command-line
interface (CLI) parser related to processing invalid commands. An
authenticated, local attacker can exploit this, via certain invalid
commands, to cause a denial of service condition or the execution of
arbitrary code.

Note that this vulnerability also affects Cisco PIX Firewalls and the Cisco
Firewall Services Module (FWSM).

EPICBANANA is one of multiple Equation Group vulnerabilities and exploits
disclosed on 2016/08/14 by a group known as the Shadow Brokers.


How can I get rid of this one? Any ideas, anyone?

Regards.
SI