Cisco Secure Firewall ASA and FTD Remote Access SSL VPN Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to exhaust device memory, causing a denial-of-service condition for new Remote Access SSL VPN connections. While this issue does not affect the management interface, it may temporarily disrupt responsiveness.

Impact

Exploitation of this vulnerability leads to memory exhaustion, causing the device to become unresponsive to new Remote Access SSL VPN connections. The management interface may also become temporarily unresponsive.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices are available in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide and use the Cisco Software Checker tool to identify the first fixed release.