Cisco Secure Firewall ASA
cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. This vulnerability allows an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The issue arises from insufficient input validation when processing OSPF link-state update (LSU) packets. An attacker with knowledge of the OSPF secret key could exploit this vulnerability by sending crafted OSPF LSU packets, corrupting the heap and causing the device to reload.
Exploitation of this vulnerability causes the affected device to reload unexpectedly, resulting in a denial-of-service condition.
Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices can be found in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide. Customers can use the Cisco Software Checker tool to determine their exposure to this vulnerability and find the earliest fixed release.