First published: Wed Oct 02 2019(Updated: )
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco ASA Software | =9.12<9.12.2.1=9.10<9.10.1.27>=9.7=9.8<=9.9<9.9.2.59>=Earlier than 9.4=9.4=9.5<=9.6<9.6.4.34 | 9.12.2.1 9.10.1.27 9.9.2.59 9.6.4.34 |
Cisco FTD Software | >=Earlier than 6.1.0=6.1.0=6.2.0=6.2.1=6.2.2<=6.2.3<6.2.3.15 | 6.2.3.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of cisco-sa-20191002-asa-ospf-lsa-dos is rated as high with a score of 7.4.
To fix cisco-sa-20191002-asa-ospf-lsa-dos, you should upgrade your Cisco ASA Software or Cisco FTD Software to the recommended versions.
cisco-sa-20191002-asa-ospf-lsa-dos affects Cisco ASA Software versions earlier than 9.12.2.1 and 9.10.1.27, as well as Cisco FTD Software versions earlier than 6.2.3.15.
The impact of cisco-sa-20191002-asa-ospf-lsa-dos is a denial of service (DoS) which could cause a reload of the affected device.
An unauthenticated, adjacent attacker can exploit cisco-sa-20191002-asa-ospf-lsa-dos.