On April 8, Cisco announced a security advisory for a Failover Command Injection Vulnerability in Cisco ASA. This vulnerability could allow an unauthenticated, adjacent attacker to submit configuration commands to any of the failover units via the failover interface. As a result, an attacker could be able to take full control of both the active and standby failover units. This vulnerability is documented in CVE ID CVE-2015-0675. The Common Vulnerability Scoring System (CVSS) temporal score for this vulnerability is 7.2.


The second April 2015 edition of SteelCentral NetAuditor Advisory Service update is now available for versions 18.0.0, 18.0.1, 18.0.2, and 18.0.3. This update includes a security advisory rule for identifying devices affected by this vulnerability.


  • New Security Advisory Rule
    • ASA Failover Command Injection Vulnerability (cisco-sa-20150408-asa)


You can download this update directly from NetAuditor by:

  • Manually selecting NetDoctor / Advisories / Download Now, or
  • Adding an automation step to download new update.
    See user guide section: "Modules / NetDoctor / SteelCentral NetAuditor Advisory Service"


You can also download the patch installer from the SAS Website (requires login).


Please contact Riverbed Technical Support with your questions/comments.



NetAuditor Product Management