Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability

2018-04-1816:00:00

tools.cisco.com

0.003 Low

EPSS

Percentile

70.2%

JSON

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3”]

CPENameOperatorVersion
cisco adaptive security appliance (asa) softwareeq9.2
cisco adaptive security appliance (asa) softwareeq9.3
cisco adaptive security appliance (asa) softwareeq9.4
cisco adaptive security appliance (asa) softwareeq9.5
cisco adaptive security appliance (asa) softwareeq9.6
cisco adaptive security appliance (asa) softwareeq9.7
cisco adaptive security appliance (asa) softwareeq9.8
cisco adaptive security appliance (asa) softwareeq9.2.1
cisco adaptive security appliance (asa) softwareeq9.2.2
cisco adaptive security appliance (asa) softwareeq9.2.2.4

Name	Operator	Version
cisco adaptive security appliance (asa) software	eq	9.2
cisco adaptive security appliance (asa) software	eq	9.3
cisco adaptive security appliance (asa) software	eq	9.4
cisco adaptive security appliance (asa) software	eq	9.5
cisco adaptive security appliance (asa) software	eq	9.6
cisco adaptive security appliance (asa) software	eq	9.7
cisco adaptive security appliance (asa) software	eq	9.8
cisco adaptive security appliance (asa) software	eq	9.2.1
cisco adaptive security appliance (asa) software	eq	9.2.2
cisco adaptive security appliance (asa) software	eq	9.2.2.4