Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities

🚨 SEVERITY: HIGH — CVSS 8.6 Security Advisory

TL;DR 📌

Multiple vulnerabilities have been identified in Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software, allowing unauthenticated remote attackers to cause denial of service (DoS) conditions. Cisco has released software updates to address these vulnerabilities, but there are no workarounds available.

What happened 🕵️‍♂️

Cisco has disclosed vulnerabilities in the management and VPN web servers of its Secure Firewall ASA and FTD Software. These vulnerabilities stem from improper validation of user-supplied input, enabling attackers to send crafted HTTP requests that could lead to the device becoming unresponsive or unexpectedly reloading, resulting in a denial of service (DoS) condition.

Affected products 🖥️

The vulnerabilities affect:

  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
  • Cisco Secure Firewall Threat Defense (FTD) Software

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Release / Product First Fixed Release Notes
1.0 Initial public release.

Workarounds 🧯

There are no workarounds available to mitigate these vulnerabilities.

Risk in context 🎯

The vulnerabilities have a CVSS score of 8.6, categorizing them as High severity. They are exploitable remotely without authentication, which increases the risk significantly. Successful exploitation could lead to service disruptions, impacting availability.

Fast facts ⚡

  • CVSS Score: 8.6 (High)
  • Vulnerabilities: Denial of Service (DoS)
  • Exploitation: Requires crafted HTTP requests
  • Workarounds: None available
  • Fixed Software: Updates released; specific versions not listed

For leadership 🧭

The disclosed vulnerabilities in Cisco Secure Firewall ASA and FTD Software present a High risk (CVSS 8.6). They are exploitable by unauthenticated remote attackers, potentially leading to service outages. Immediate remediation is necessary, with a recommendation to patch within 7 days, as no workarounds exist. The operational impact is expected to be minimal, requiring a brief maintenance window without config drift.

  • Now: Assess affected devices using the provided commands and prepare for patching.
  • Next: Schedule and implement software updates within 7 days.
  • Later: Monitor for any unusual activity and ensure compliance with security policies.