Unrated severityNVD Advisory· Published Aug 9, 2010· Updated Apr 29, 2026

CVE-2010-1578

Description

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Crafted SunRPC UDP packets cause denial of service (device reload) on Cisco ASA and PIX devices running vulnerable software versions.

Vulnerability

The SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series and PIX 500 series devices contains an unspecified vulnerability in the handling of crafted SunRPC UDP packets. Affected software versions include ASA 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2), as well as corresponding PIX versions [1]. The vulnerability is triggered when the device processes specially crafted SunRPC UDP traffic through the inspection engine.

Exploitation

An attacker can exploit this vulnerability by sending a crafted SunRPC UDP packet to an affected device. No authentication is required, and the attack can be launched remotely over the network. The attacker does not need any prior access or special privileges; the only requirement is that the device has SunRPC inspection enabled and is reachable via UDP [1].

Impact

Successful exploitation causes the affected device to reload, resulting in a denial of service (DoS) condition. This disrupts all traffic passing through the device until it completes the reload process. The impact is limited to availability; there is no indication of information disclosure or privilege escalation [1].

Mitigation

Cisco has released fixed software versions: 7.2(5), 8.0(5.19), 8.1(2.47), and 8.2(2) for ASA, and corresponding updates for PIX devices. Administrators should upgrade to these or later versions. As a workaround, disabling SunRPC inspection or applying access control lists to block untrusted SunRPC UDP traffic can reduce exposure [1]. No known public exploit code has been reported, and the vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

References

Cisco Products: Networking, Security, Data Center

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Cisco Adaptive Security Appliance24 versions
cpe:2.3:o:cisco:adaptive_security_appliance:7.2\(3\):*:*:*:*:*:*:*+ 23 more
- cpe:2.3:o:cisco:adaptive_security_appliance:7.2\(3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:7.2\(4\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:7.2\(5\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.0\(5\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.1\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance:8.2\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(1.22\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.10\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.14\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.15\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.16\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.17\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.19\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.48\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.5\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.7\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.8\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*
Cisco Systems, Inc./ASA 5500 Seriesllm-fuzzy
Range: <7.2(5), <8.0(5.19), <8.1(2.47), <8.2(2)
Cisco Systems, Inc./PIX Security Appliance 500 Seriesllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtmlnvdPatchVendor Advisory
secunia.com/advisories/40842nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000