Cisco PIX/ASA has the following two vulnerabilities:
1. Crafted MGCP Packet
MGCP is a protocol for controlling media gateways from external call
control elements such as Media Gateway Controllers or Call Agents. A Cisco
PIX or ASA security appliance with the Media Gateway Control Protocol
(MGCP) application layer protocol inspection feature enabled may reload
when the device processes a crafted MGCP packet.
2. Crafted TLS Packet
Transport Layer Security (TLS) is the replacement for the Secure Socket
Layer (SSL) protocol. It is a protocol that provides secure communications
between two end-points, via cryptography. The PIX and ASA may be affected
by a vulnerability in the handling of the TLS protocol that may lead to
a reload of the device when specially crafted TLS packets are processed.
Applications affected by this vulnerability are clientless Web-VPN
connections, HTTPS management sessions, cut-through proxy for network
access, and TLS proxy for encrypted voice inspection.
I need to find a workaround for these two vulnerabilities.
Please suggest what the access list would be for blocking crafted MGCP packets and TLS packets in my ASA. It runs on 7.2 code.