Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability
TL;DR 📌
A high-severity vulnerability in Cisco Secure Firewall ASA and FTD Software could allow unauthenticated remote attackers to trigger a denial of service (DoS) by sending a crafted SSL/TLS certificate. Immediate action is required to patch affected systems.
What happened 🕵️♂️
Cisco has identified a vulnerability in the certificate processing of its Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. This flaw allows an unauthenticated remote attacker to send a specially crafted SSL/TLS certificate to an affected device, potentially causing it to reload unexpectedly and resulting in a denial of service (DoS) condition.
Affected products 🖥️
The vulnerability affects:
- Cisco Secure Firewall ASA Software Release 9.15 and earlier
- Cisco Secure Firewall FTD Software Release 6.7 and earlier
Devices with an SSL/TLS listening socket running these software versions are at risk.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 9.15 and earlier | Migrate to a fixed release. | |
| 6.7 and earlier | Migrate to a fixed release. | |
| 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds available for this vulnerability.
Risk in context 🎯
With a CVSS score of 8.6, this vulnerability is rated as High severity. The risk is significant due to the potential for unauthenticated remote exploitation, which could lead to service outages. Organizations using affected products should prioritize patching to mitigate the risk of a DoS attack.
Fast facts ⚡
- Vulnerability: SSL/TLS Certificate Denial of Service
- CVSS Score: 8.6 (High)
- Attack Vector: Remote, unauthenticated
- Impact: Device reload leading to DoS
- Workarounds: None available
For leadership 🧭
This vulnerability poses a High risk to your organization, given its potential for remote exploitation without authentication. The exposure is primarily driven by the internet-facing nature of affected devices, which could lead to significant service disruptions. It is crucial to patch affected systems within 7 days to mitigate the risk of exploitation.
- Now: Identify affected devices and plan for immediate software upgrades.
- Next: Implement the necessary patches to secure your systems.
- Later: Review security policies and practices to prevent similar vulnerabilities in the future.
The operational impact of applying these patches is expected to be minimal, requiring only a brief maintenance window with no anticipated configuration drift.