cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c: Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability
First published: Wed Apr 28 2021(Updated: )
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c This advisory is part of the April 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Credit: This vulnerability was found by Sanmith Prakash Cisco during internal security testing
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FTD Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c.
What is the severity level of cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c?
The severity level of cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c is high.
What is the affected software of cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c?
The affected software of cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c is Cisco Firepower Threat Defense (FTD) Software.
How can an unauthenticated, remote attacker exploit cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c?
An unauthenticated, remote attacker can trigger a reload of an affected device by exploiting cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c.
Where can I find more information about cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c?
You can find more information about cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c at the Cisco Security Advisory page.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco ftd software