Cisco Secure Firewall ASA and FTD Software OSPF Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. This vulnerability allows an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The issue arises from insufficient input validation when processing OSPF link-state update packets. Exploitation involves sending crafted, unauthenticated OSPF packets, which can overwrite memory outside the packet data, causing the device to crash and reboot.

Impact

Exploitation of this vulnerability causes the affected device to reload unexpectedly, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices are available in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide and Compatibility Guide.

Added: Mar 4, 2026, 7:26 PM
Updated: Mar 4, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.