from SANS Internet Storm Center, InfoCON: green
*Queue Back to the Future Music* Over more than a decade ago there was a major discovery in ASN1 that contributed to arguably one of the worst vulnerabilities in a long time. Fast forward *Queue awful fast forward tape music* to 2016 and ASN1 is here again. Please reference this link http://ift.tt/2a3SrFP for the major details as this unfolds regarding CVE-2016-5080.
So far, according to the CERT page [3] for vendors reporting in and so far our winners of the ASN1 award seem to be Objective Systems and Qualcomm Incorporated are reporting impact from 2016-5080">CVE 2016-5080. Honeywell and Hewlett Packard Enterprise are reporting “Not Affected”. Many other vendors are in an unknown state.
Wait Richard, what the h^&& is ASN1? [4] ASN1 is a standard that is jointly maintained and governed by the International Organization for Standardization (ISO), International Electroechnical Commission (IEC), and International Telecommunication Union (ITU-T). It is a syntax notation that makes up rules for encoding, transmitting, and decoding data [4]. Basically, it does A LOT of stuff and it is EVERYWHERE *a slightly panicked tone*.
Please review this CVE (CVE-2016-5080) and monitor it closely. We at the storm center will monitor this and update it as it unfolds.
