Error allowed to compromise the system via specially crafted UDP-packages. In a number of Cisco ASA series of devices the discovered vulnerability could allow a remote attacker to execute arbitrary code.
Vulnerability CVE-2016-1287 has been assigned a critical risk rating. Successful exploitation of this vulnerability should be sent to the target system specially crafted UDP-packets. The vulnerability can be used on systems that are configured on the VPN - connection gap IKEv1 or IKEv2. Devices that are configured to rupture and Clientless SSL AnyConnect SSL VPN-connections , are not subject to this error.
According to the technical director of the SANS ISC Ulrich Johannes (Johannes Ulrich), the exploit is expected to be extended a UDP-enabled 500 or 4500.
The company has released a firmware fix for the affected devices . Administrators should install the update as soon as possible.