cisco-sa-20190501-asa-frpwrtd-dos: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability
First published: Wed May 01 2019(Updated: )
A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker who is using a TCP protocol that is configured for inspection could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ASA Software | =9.10<9.10.1.17>=9.7=9.8<=9.9<9.9.2.50=9.6<9.6.4.25=9.5<9.6.4.25=9.4<9.4.4.34 | 9.10.1.17 9.9.2.50 9.6.4.25 9.6.4.25 9.4.4.34 |
| Cisco FTD Software | =6.2.3<6.2.3.12=6.2.2<6.2.3.12=6.2.1<6.2.3.12=6.2.0<6.2.3.12=6.1.0<6.2.3.12=6.0.1<6.2.3.12=6.0<6.2.3.12 | 6.2.3.12 6.2.3.12 6.2.3.12 6.2.3.12 6.2.3.12 6.2.3.12 6.2.3.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20190501-asa-frpwrtd-dos?
The severity of cisco-sa-20190501-asa-frpwrtd-dos is rated as high, as it can lead to a denial of service condition.
How do I fix cisco-sa-20190501-asa-frpwrtd-dos?
To fix cisco-sa-20190501-asa-frpwrtd-dos, you should upgrade to a specified secure version of Cisco ASA Software or FTD Software.
Who is affected by cisco-sa-20190501-asa-frpwrtd-dos?
Devices running vulnerable versions of Cisco ASA Software and Cisco FTD Software are affected by cisco-sa-20190501-asa-frpwrtd-dos.
What are the affected software versions in cisco-sa-20190501-asa-frpwrtd-dos?
The affected software versions for cisco-sa-20190501-asa-frpwrtd-dos include Cisco ASA Software from 9.4 to 9.10 and Cisco FTD Software from 6.0 to 6.2.3.
Can cisco-sa-20190501-asa-frpwrtd-dos be exploited remotely?
Yes, cisco-sa-20190501-asa-frpwrtd-dos can be exploited by an unauthenticated, remote attacker.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco asa software
- version/cisco asa software/9.10
- version/cisco asa software/9.7
- version/cisco asa software/9.8
- version/cisco asa software/9.9
- version/cisco asa software/9.6
- version/cisco asa software/9.5
- version/cisco asa software/9.4
- canonical/cisco ftd software
- version/cisco ftd software/6.2.3
- version/cisco ftd software/6.2.2
- version/cisco ftd software/6.2.1
- version/cisco ftd software/6.2.0
- version/cisco ftd software/6.1.0
- version/cisco ftd software/6.0.1
- version/cisco ftd software/6.0