Cisco Secure Firewall ASA and FTD Software Remote Access SSL VPN Authenticated Memory Exhaustion Denial-of-Service Vulnerability

A vulnerability exists in the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an authenticated, remote attacker with a valid VPN connection to exhaust device memory, leading to a denial-of-service (DoS) condition. The issue arises from improper validation of user input, enabling attackers to send crafted packets to the Remote Access SSL VPN server. Exploitation of this vulnerability can cause the device to reload, disrupting new Remote Access SSL VPN connections and potentially causing the management interface to become temporarily unresponsive.

Impact

Exploitation of this vulnerability exhausts device memory, causing a denial-of-service condition for new Remote Access SSL VPN connections. This may temporarily disrupt the management interface, requiring a manual reboot to restore normal functionality.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices are available in the Cisco Secure FMC upgrade guide. For Cisco Secure Firewall ASA, consult the Cisco Secure Firewall ASA Upgrade Guide and Compatibility Matrix.