CISCO CVE-2016-1287 VULNERABILITY PROBLEM
Yesterday Cisco released an out-of-band patch for an ASA vulnerability (CVE-2016-1287) that permits remote code execution on any ASA device enabled for IKE / IPsec.
You can check whether your configuration is affected using the following command:
show run crypto map | include interface
The Cisco advisory indicates that there is no way to mitigate this threat. A large number of vulnerable ASA firmware versions have not received and will not receive fixes. Customers should be aware that migrating from 8.2 to newer versions is difficult because of the complete restructuring of NAT rules.
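An added example (not from the original post or from Cisco): the same check run offline over saved running-config backups, so a fleet can be triaged without logging in to each device. The sample configs, file names and the audit_config helper are constructed for illustration, and the script assumes each backup contains the usual "ASA Version" and "hostname" lines.

```python
import re

# Constructed sample backups for illustration; not taken from real devices.
SAMPLE_CONFIGS = {
    "edge-fw1.cfg": """\
ASA Version 8.2(5)
!
hostname edge-fw1
crypto map OUTSIDE_MAP 10 match address VPN_ACL
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10
crypto map OUTSIDE_MAP interface outside
""",
    "lab-fw2.cfg": """\
ASA Version 9.1(6)
!
hostname lab-fw2
crypto map UNUSED_MAP 10 match address LAB_ACL
""",
}

VERSION_RE = re.compile(r"^ASA Version (\S+)", re.M)
HOSTNAME_RE = re.compile(r"^hostname (\S+)", re.M)
# Anchored form of `show run crypto map | include interface`: only lines that
# bind a crypto map to an interface, not any line containing "interface".
BINDING_RE = re.compile(r"^crypto map (\S+) interface (\S+)\s*$", re.M)


def audit_config(text):
    """Summarise one saved running-config (hypothetical helper)."""
    version = VERSION_RE.search(text)
    hostname = HOSTNAME_RE.search(text)
    bindings = BINDING_RE.findall(text)  # [(map_name, interface), ...]
    ver = version.group(1) if version else "unknown"
    return {
        "hostname": hostname.group(1) if hostname else "unknown",
        "version": ver,
        "bindings": bindings,
        "affected_config": bool(bindings),
        # 8.2 is the train the post singles out for NAT-rule migration pain.
        "on_8_2_train": ver.startswith("8.2("),
    }


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        r = audit_config(text)
        ifaces = ", ".join(i for _, i in r["bindings"]) or "none"
        note = " (8.2 train: plan NAT migration)" if r["on_8_2_train"] else ""
        print(f"{name}: {r['hostname']} {r['version']} "
              f"crypto map on: {ifaces}{note}")
```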