Cisco Secure Firewall ASA and FTD Software OSPF Protocol Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. This vulnerability allows an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The issue arises from insufficient input validation when processing OSPF update packets, which could be exploited by sending crafted OSPF packets. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability.
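To gauge exposure to the condition described above, the following added example (not from Cisco or the original advisory) reads a saved running-config and reports which interfaces are matched by an OSPFv2 "network" statement and whether OSPF authentication applies to each. The sample config and function names are constructed, the parsing assumes the ASA CLI forms "router ospf", "network ... area", "area ... authentication" and interface-level "ospf authentication", and OSPFv3 is not covered.

```python
import ipaddress
import re
# Constructed ASA-style running-config excerpt (not taken from the advisory).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ospf message-digest-key 1 md5 *****
 ospf authentication message-digest
interface GigabitEthernet0/1
 ip address 10.1.0.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 10.2.0.1 255.255.255.0
interface Management0/0
 ip address 172.16.0.1 255.255.255.0
router ospf 1
 network 192.0.2.0 255.255.255.0 area 0
 network 10.1.0.0 255.255.255.0 area 0
 network 10.2.0.0 255.255.255.0 area 1
 area 1 authentication message-digest
"""

def parse_blocks(config):
    """Map each top-level line to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = blocks.setdefault(line.strip(), [])
    return blocks

def ospf_interfaces(config):
    """Return {interface: authenticated?} for interfaces matched by an OSPFv2 network statement."""
    blocks = parse_blocks(config)
    ospf = [c for h, cmds in blocks.items() if h.startswith("router ospf ") for c in cmds]
    nets = [(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), m[3])
            for m in (re.match(r"network (\S+) (\S+) area (\S+)", c) for c in ospf) if m]
    area_auth = {m[1] for m in (re.match(r"area (\S+) authentication\b", c) for c in ospf) if m}
    result = {}
    for header, cmds in blocks.items():
        addr = next((m for m in (re.match(r"ip address (\d+\.\d+\.\d+\.\d+)", c) for c in cmds) if m), None)
        covering = [n for n in nets if addr and ipaddress.ip_address(addr[1]) in n[0]]
        if not header.startswith("interface ") or not covering:
            continue  # not an interface, or no network statement places it in OSPF
        area = max(covering, key=lambda n: n[0].prefixlen)[1]  # most specific statement wins
        mode = next((c.split()[2:] for c in cmds if re.match(r"ospf authentication(\s|$)", c)), None)
        # Interface-level setting overrides the area; "null" explicitly disables authentication.
        result[header.split()[1]] = (mode != ["null"]) if mode is not None else area in area_auth
    return result
```

An interface reported as True still processes OSPF packets on affected software; per the advisory, authentication only means the attacker must know the secret key, so the software update remains the fix.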

Impact

Exploitation of this vulnerability causes the affected device to reload unexpectedly, resulting in a denial-of-service condition.

Remediation

Cisco has released software updates that address this vulnerability. For instructions on upgrading Cisco Secure FTD Software, refer to the Cisco Secure FMC upgrade guide. To determine the best release to upgrade to, consult the Cisco Secure Firewall Threat Defense Compatibility Guide.

Added: Mar 4, 2026, 7:28 PM
Updated: Mar 4, 2026, 7:28 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.