Intrusion Prevention



This indicates an attempt to exploit the BlackNurse Denial Of Service vulnerability in various products.
The vulnerability is due to improper handling of ICMP type 3 code 3 requests. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system. The signature detects for 250 ICMP requests within 1 second. Customers should adjust the rate to suit their needs.

Affected Products

Cisco ASA 5515, 5525 (default settings)
Cisco ASA 5550 (Legacy) and 5515-X (latest generation)


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Other References