Cisco Secure Firewall ASA and FTD Software OSPF Memory Exhaustion Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability exists in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability could enable an authenticated, adjacent attacker to exhaust memory on an affected device, leading to a denial-of-service (DoS) condition. The issue arises from improper input validation when OSPF packets are processed. An attacker could exploit this vulnerability by sending crafted OSPF packets to the device.

Impact

Exploitation of this vulnerability leads to memory exhaustion on the affected device, causing it to become unresponsive or unavailable.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices can be found in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide and Compatibility Matrix.

Added: Mar 4, 2026, 7:26 PM
Updated: Mar 4, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.