First published: Wed May 06 2020
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.

Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx

This advisory is part of the May 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 12 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: May 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Credit: This vulnerability was found by Santosh Krishnamurthy of Cisco during internal security testing.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco ASA Software | =9.13 <9.13.1.7 | 9.13.1.7 |
Cisco ASA Software | =9.12 <9.12.3.7 | 9.12.3.7 |
Cisco ASA Software | =9.10 <9.10.1.37 | 9.10.1.37 |
Cisco ASA Software | =9.9 <9.9.2.66 | 9.9.2.66 |
Cisco ASA Software | >=9.7 <=9.8 <9.8.4.17 | 9.8.4.17 |
Cisco ASA Software | =9.6 <9.6.4.40 | 9.6.4.40 |
Cisco FTD Software | >=6.4.0 <=6.5.0 <6.5.0.5 (future release) | 6.5.0.5 (future release); Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and later; Cisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later; Cisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later; Cisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar and later |
Cisco FTD Software | =6.3.0 <6.3.0.6 (future release) | 6.3.0.6 (future release); Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tar; Cisco_FTD_SSP_FP2K_Hotfix_ AO-6.3.0.6-2.sh.REL.tar; Cisco_FTD_SSP_Hotfix_ AO-6.3.0.6-2.sh.REL.tar |
Cisco FTD Software | =6.2.3 <6.2.3.16 (June 2020) | 6.2.3.16 (June 2020); Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tar; Cisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tar; Cisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar |
The vulnerability ID for this Cisco ASA and FTD software vulnerability is cisco-sa-asa-ftd-ospf-dos-RhMQY8qx.
The severity rating of the Cisco ASA and FTD software vulnerability is 8.6 (high).
The affected versions of Cisco ASA Software are 9.13 up to but not including 9.13.1.7, 9.12 up to but not including 9.12.3.7, 9.10 up to but not including 9.10.1.37, 9.9 up to but not including 9.9.2.66, 9.7 up to and including 9.8, and 9.6 up to but not including 9.6.4.40.
The affected versions of Cisco FTD Software are 6.4.0 up to and including 6.5.0, and 6.2.3 up to but not including 6.2.3.16 (June 2020).
To fix the Cisco ASA and FTD software vulnerability, apply the recommended remediation or update provided by Cisco based on your specific affected software version.
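
A version check built from the ASA rows of the table on this page, as an added example (not Cisco's or this page's own code). It assumes versions arrive either dotted (`9.12.3.7`) or in the `9.12(3)7` form that ASA `show version` prints; the hostnames and versions in the sample inventory are constructed.

```python
import re

# First fixed ASA release per train, taken from the table on this page.
# The 9.7 and 9.8 trains share the 9.8.4.17 fix.
ASA_FIXED = {
    (9, 6): (9, 6, 4, 40),
    (9, 7): (9, 8, 4, 17),
    (9, 8): (9, 8, 4, 17),
    (9, 9): (9, 9, 2, 66),
    (9, 10): (9, 10, 1, 37),
    (9, 12): (9, 12, 3, 7),
    (9, 13): (9, 13, 1, 7),
}

def parse_asa_version(text):
    """Accept '9.12.3.7' or the 'show version' style '9.12(3)7'."""
    text = text.strip()
    nums = [int(n) for n in re.findall(r"\d+", text)]
    if not re.fullmatch(r"[\d.()]+", text) or not 2 <= len(nums) <= 4:
        raise ValueError(f"unrecognised ASA version: {text!r}")
    return tuple(nums + [0] * (4 - len(nums)))  # pad '9.12(3)' to 9.12.3.0

def check_asa(text):
    """Return (status, first_fixed_release or None) for one version string."""
    version = parse_asa_version(text)
    fixed = ASA_FIXED.get(version[:2])
    if fixed is None:
        # Train is not in this page's table; consult Cisco's advisory.
        return ("not-listed", None)
    fixed_str = ".".join(map(str, fixed))
    return ("affected" if version < fixed else "fixed", fixed_str)

def triage(inventory):
    """Map hostname -> first fixed release, for affected devices only."""
    results = {host: check_asa(ver) for host, ver in inventory.items()}
    return {h: fix for h, (status, fix) in results.items() if status == "affected"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "fw-edge-01": "9.12(3)",
    "fw-edge-02": "9.8(4)17",
    "fw-branch-07": "9.7(1)4",
    "fw-lab-03": "9.14(1)",
}

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {fix} or later")
```
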