Cisco Secure Firewall ASA and FTD Software Remote Access SSL VPN Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, creating a DoS condition. The issue arises from the Lua interpreter, which trusts user input without proper validation. Exploitation involves sending crafted HTTP packets to the Remote Access SSL VPN server, causing the device to reload and disrupt VPN connections. The vulnerability does not impact the management or MUS interfaces.

Impact

Exploitation of this vulnerability leads to an unexpected device reload, causing a denial-of-service condition on the affected device.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices are available in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, the Cisco Software Checker can be used to determine exposure to this vulnerability and identify the first fixed release.

Added: Mar 4, 2026, 6:36 PM
Updated: Mar 4, 2026, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.