Cisco Secure Firewall Adaptive Security Appliance
cpe:2.3:o:cisco:adaptive_security_appliance:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the Remote Access SSL VPN service of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an authenticated remote VPN user to cause the device to reload unexpectedly, leading to a DoS condition. The issue arises from incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Remote Access SSL VPN service on the affected device.
Exploitation of this vulnerability causes the device to reload, creating a denial-of-service condition.
Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these security fixes through their usual update channels. For Cisco Secure Firewall FTD Software, hot fixes are available for version 7.4. Details on downloading and installing these hot fixes can be found in the Cisco Secure Firewall Threat Defense/Firepower Hotfix Release Notes.