First published: Wed May 06 2020(Updated: )
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of
Credit: Mikhail Klyuchnikov Positive TechnologiesNikita Abramov Positive Technologies
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco ASA Software | =9.13<9.13.1.10=9.12<9.12.3.9=9.10<9.10.1.40=9.9<9.9.2.67>=9.7<=9.8<9.8.4.20>=Earlier than 9.5=9.5<=9.6<9.6.4.41 | 9.13.1.10 9.12.3.9 9.10.1.40 9.9.2.67 9.8.4.20 9.6.4.41 |
Cisco FTD Software | >=6.4.0<=6.5.0<6.5.0.5 (future release)Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and laterCisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar and laterCisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar and laterCisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar and later=6.3.0<6.3.0.6 (future release)Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tarCisco_FTD_SSP_FP2K_Hotfix_ AO-6.3.0.6-2.sh.REL.tarCisco_FTD_SSP_Hotfix_ AO-6.3.0.6-2.sh.REL.tar>=Earlier than 6.2.3<=6.2.3<6.2.3.16 (June 2020)Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tarCisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tarCisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar | 6.5.0.5 (future release)Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and laterCisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar and laterCisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar and laterCisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar and later 6.3.0.6 (future release)Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tarCisco_FTD_SSP_FP2K_Hotfix_ AO-6.3.0.6-2.sh.REL.tarCisco_FTD_SSP_Hotfix_ AO-6.3.0.6-2.sh.REL.tar 6.2.3.16 (June 2020)Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tarCisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tarCisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco ASA Software and Firepower Threat Defense (FTD) Software vulnerability is cisco-sa-asaftd-info-disclose-9eJtycMB.
The severity level of vulnerability cisco-sa-asaftd-info-disclose-9eJtycMB is high.
The affected software is Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.
An unauthenticated, remote attacker can retrieve memory contents on an affected device, leading to the disclosure of confidential information.
Yes, there are specific versions available for Cisco ASA Software and FTD Software that address this vulnerability.