Lucene search

CiscoCISCO-SA-20170419-ASA-NORM

HistoryApr 19, 2017 - 4:00 p.m.

Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability

2017-04-1916:00:00

tools.cisco.com

EPSS

0.002

Percentile

60.4%

JSON

A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm”]

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch8.0

ciscoadaptive_security_appliance_softwareMatch8.2

ciscoadaptive_security_appliance_softwareMatch8.1

ciscoadaptive_security_appliance_softwareMatch8.3

ciscoadaptive_security_appliance_softwareMatch8.4

ciscoadaptive_security_appliance_softwareMatch8.5

ciscoadaptive_security_appliance_softwareMatch8.6

ciscoadaptive_security_appliance_softwareMatch8.7

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

ciscoadaptive_security_appliance_softwareMatch9.2

ciscoadaptive_security_appliance_softwareMatch9.3

ciscoadaptive_security_appliance_softwareMatch9.4

ciscoadaptive_security_appliance_softwareMatch9.5

ciscoadaptive_security_appliance_softwareMatch9.6

ciscoadaptive_security_appliance_softwareMatch8.0.2.11

ciscoadaptive_security_appliance_softwareMatch8.0.4

ciscoadaptive_security_appliance_softwareMatch8.0.3

ciscoadaptive_security_appliance_softwareMatch8.0.2

ciscoadaptive_security_appliance_softwareMatch8.0.1.2

ciscoadaptive_security_appliance_softwareMatch8.0.4.25

ciscoadaptive_security_appliance_softwareMatch8.0.4.28

ciscoadaptive_security_appliance_softwareMatch8.0.4.33

ciscoadaptive_security_appliance_softwareMatch8.0.4.32

ciscoadaptive_security_appliance_softwareMatch8.0.5

ciscoadaptive_security_appliance_softwareMatch8.0.2.15

ciscoadaptive_security_appliance_softwareMatch8.0.3.6

ciscoadaptive_security_appliance_softwareMatch8.0.3.12

ciscoadaptive_security_appliance_softwareMatch8.0.3.19

ciscoadaptive_security_appliance_softwareMatch8.0.4.3

ciscoadaptive_security_appliance_softwareMatch8.0.4.9

ciscoadaptive_security_appliance_softwareMatch8.0.4.16

ciscoadaptive_security_appliance_softwareMatch8.0.4.23

ciscoadaptive_security_appliance_softwareMatch8.0.4.31

ciscoadaptive_security_appliance_softwareMatch8.0.5.20

ciscoadaptive_security_appliance_softwareMatch8.0.5.23

ciscoadaptive_security_appliance_softwareMatch8.0.5.25

ciscoadaptive_security_appliance_softwareMatch8.0.5.27

ciscoadaptive_security_appliance_softwareMatch8.0.5.28

ciscoadaptive_security_appliance_softwareMatch8.0.5.31

ciscoadaptive_security_appliance_softwareMatch8.2.0.45

ciscoadaptive_security_appliance_softwareMatch8.2.1

ciscoadaptive_security_appliance_softwareMatch8.2.2

ciscoadaptive_security_appliance_softwareMatch8.2.2.10

ciscoadaptive_security_appliance_softwareMatch8.2.3

ciscoadaptive_security_appliance_softwareMatch8.2.4

ciscoadaptive_security_appliance_softwareMatch8.2.1.11

ciscoadaptive_security_appliance_softwareMatch8.2.2.9

ciscoadaptive_security_appliance_softwareMatch8.2.2.12

ciscoadaptive_security_appliance_softwareMatch8.2.2.16

ciscoadaptive_security_appliance_softwareMatch8.2.4.1

ciscoadaptive_security_appliance_softwareMatch8.2.4.4

ciscoadaptive_security_appliance_softwareMatch8.2.5

ciscoadaptive_security_appliance_softwareMatch8.2.5.13

ciscoadaptive_security_appliance_softwareMatch8.2.5.22

ciscoadaptive_security_appliance_softwareMatch8.2.5.26

ciscoadaptive_security_appliance_softwareMatch8.2.2.17

ciscoadaptive_security_appliance_softwareMatch8.2.5.33

ciscoadaptive_security_appliance_softwareMatch8.2.5.40

ciscoadaptive_security_appliance_softwareMatch8.2.5.41

ciscoadaptive_security_appliance_softwareMatch8.2.5.46

ciscoadaptive_security_appliance_softwareMatch8.2.5.48

ciscoadaptive_security_appliance_softwareMatch8.2.5.50

ciscoadaptive_security_appliance_softwareMatch8.2.5.52

ciscoadaptive_security_appliance_softwareMatch8.2.5.55

ciscoadaptive_security_appliance_softwareMatch8.2.5.57

ciscoadaptive_security_appliance_softwareMatch8.2.5.59

ciscoadaptive_security_appliance_softwareMatch8.1.1

ciscoadaptive_security_appliance_softwareMatch8.1.2

ciscoadaptive_security_appliance_softwareMatch8.1.2.15

ciscoadaptive_security_appliance_softwareMatch8.1.2.16

ciscoadaptive_security_appliance_softwareMatch8.1.2.19

ciscoadaptive_security_appliance_softwareMatch8.1.2.23

ciscoadaptive_security_appliance_softwareMatch8.1.2.24

ciscoadaptive_security_appliance_softwareMatch8.1.2.50

ciscoadaptive_security_appliance_softwareMatch8.1.1.6

ciscoadaptive_security_appliance_softwareMatch8.1.2.13

ciscoadaptive_security_appliance_softwareMatch8.1.2.49

ciscoadaptive_security_appliance_softwareMatch8.1.2.55

ciscoadaptive_security_appliance_softwareMatch8.1.2.56

ciscoadaptive_security_appliance_softwareMatch8.1.0.104

ciscoadaptive_security_appliance_softwareMatch8.3.1.1

ciscoadaptive_security_appliance_softwareMatch8.3.1

ciscoadaptive_security_appliance_softwareMatch8.3.2

ciscoadaptive_security_appliance_softwareMatch8.3.2.23

ciscoadaptive_security_appliance_softwareMatch8.3.2.25

ciscoadaptive_security_appliance_softwareMatch8.3.1.4

ciscoadaptive_security_appliance_softwareMatch8.3.1.6

ciscoadaptive_security_appliance_softwareMatch8.3.2.4

ciscoadaptive_security_appliance_softwareMatch8.3.2.13

ciscoadaptive_security_appliance_softwareMatch8.3.2.31

ciscoadaptive_security_appliance_softwareMatch8.3.2.33

ciscoadaptive_security_appliance_softwareMatch8.3.2.34

ciscoadaptive_security_appliance_softwareMatch8.3.2.37

ciscoadaptive_security_appliance_softwareMatch8.3.2.39

ciscoadaptive_security_appliance_softwareMatch8.3.2.40

ciscoadaptive_security_appliance_softwareMatch8.3.2.41

ciscoadaptive_security_appliance_softwareMatch8.3.2.44

ciscoadaptive_security_appliance_softwareMatch8.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.2

ciscoadaptive_security_appliance_softwareMatch8.4.1.3

ciscoadaptive_security_appliance_softwareMatch8.4.1.11

ciscoadaptive_security_appliance_softwareMatch8.4.2.8

ciscoadaptive_security_appliance_softwareMatch8.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.3.8

ciscoadaptive_security_appliance_softwareMatch8.4.3.9

ciscoadaptive_security_appliance_softwareMatch8.4.4

ciscoadaptive_security_appliance_softwareMatch8.4.4.1

ciscoadaptive_security_appliance_softwareMatch8.4.4.3

ciscoadaptive_security_appliance_softwareMatch8.4.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.4.9

ciscoadaptive_security_appliance_softwareMatch8.4.5

ciscoadaptive_security_appliance_softwareMatch8.4.5.6

ciscoadaptive_security_appliance_softwareMatch8.4.6

ciscoadaptive_security_appliance_softwareMatch8.4.2.1

ciscoadaptive_security_appliance_softwareMatch8.4.7

ciscoadaptive_security_appliance_softwareMatch8.4.7.3

ciscoadaptive_security_appliance_softwareMatch8.4.7.15

ciscoadaptive_security_appliance_softwareMatch8.4.7.22

ciscoadaptive_security_appliance_softwareMatch8.4.7.23

ciscoadaptive_security_appliance_softwareMatch8.4.7.26

ciscoadaptive_security_appliance_softwareMatch8.4.7.28

ciscoadaptive_security_appliance_softwareMatch8.4.7.29

ciscoadaptive_security_appliance_softwareMatch8.5.1

ciscoadaptive_security_appliance_softwareMatch8.5.1.1

ciscoadaptive_security_appliance_softwareMatch8.5.1.6

ciscoadaptive_security_appliance_softwareMatch8.5.1.7

ciscoadaptive_security_appliance_softwareMatch8.5.1.14

ciscoadaptive_security_appliance_softwareMatch8.5.1.17

ciscoadaptive_security_appliance_softwareMatch8.5.1.18

ciscoadaptive_security_appliance_softwareMatch8.5.1.19

ciscoadaptive_security_appliance_softwareMatch8.5.1.21

ciscoadaptive_security_appliance_softwareMatch8.5.1.24

ciscoadaptive_security_appliance_softwareMatch8.6.1.1

ciscoadaptive_security_appliance_softwareMatch8.6.1

ciscoadaptive_security_appliance_softwareMatch8.6.1.2

ciscoadaptive_security_appliance_softwareMatch8.6.1.5

ciscoadaptive_security_appliance_softwareMatch8.6.1.10

ciscoadaptive_security_appliance_softwareMatch8.6.1.12

ciscoadaptive_security_appliance_softwareMatch8.6.1.13

ciscoadaptive_security_appliance_softwareMatch8.6.1.14

ciscoadaptive_security_appliance_softwareMatch8.6.1.17

ciscoadaptive_security_appliance_softwareMatch8.7.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

ciscoadaptive_security_appliance_softwareMatch8.7.1.8

ciscoadaptive_security_appliance_softwareMatch8.7.1.11

ciscoadaptive_security_appliance_softwareMatch8.7.1.13

ciscoadaptive_security_appliance_softwareMatch8.7.1.16

ciscoadaptive_security_appliance_softwareMatch8.7.1.17

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.2.10

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.0.3.8

ciscoadaptive_security_appliance_softwareMatch9.0.4

ciscoadaptive_security_appliance_softwareMatch9.0.4.1

ciscoadaptive_security_appliance_softwareMatch9.0.4.5

ciscoadaptive_security_appliance_softwareMatch9.0.4.17

ciscoadaptive_security_appliance_softwareMatch9.0.4.20

ciscoadaptive_security_appliance_softwareMatch9.0.4.24

ciscoadaptive_security_appliance_softwareMatch9.0.4.7

ciscoadaptive_security_appliance_softwareMatch9.0.4.26

ciscoadaptive_security_appliance_softwareMatch9.0.4.29

ciscoadaptive_security_appliance_softwareMatch9.0.4.33

ciscoadaptive_security_appliance_softwareMatch9.0.4.37

ciscoadaptive_security_appliance_softwareMatch9.0.4.35

ciscoadaptive_security_appliance_softwareMatch9.0.4.40

ciscoadaptive_security_appliance_softwareMatch9.0.4.42

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

ciscoadaptive_security_appliance_softwareMatch9.1.3

ciscoadaptive_security_appliance_softwareMatch9.1.2.8

ciscoadaptive_security_appliance_softwareMatch9.1.3.2

ciscoadaptive_security_appliance_softwareMatch9.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.4.5

ciscoadaptive_security_appliance_softwareMatch9.1.5

ciscoadaptive_security_appliance_softwareMatch9.1.5.10

ciscoadaptive_security_appliance_softwareMatch9.1.5.12

ciscoadaptive_security_appliance_softwareMatch9.1.5.15

ciscoadaptive_security_appliance_softwareMatch9.1.6

ciscoadaptive_security_appliance_softwareMatch9.1.5.21

ciscoadaptive_security_appliance_softwareMatch9.1.6.1

ciscoadaptive_security_appliance_softwareMatch9.1.6.6

ciscoadaptive_security_appliance_softwareMatch9.1.6.4

ciscoadaptive_security_appliance_softwareMatch9.1.6.8

ciscoadaptive_security_appliance_softwareMatch9.1.6.10

ciscoadaptive_security_appliance_softwareMatch9.1.7.4

ciscoadaptive_security_appliance_softwareMatch9.1.7.6

ciscoadaptive_security_appliance_softwareMatch9.1.7.7

ciscoadaptive_security_appliance_softwareMatch9.1.7.9

ciscoadaptive_security_appliance_softwareMatch9.1.7.11

ciscoadaptive_security_appliance_softwareMatch9.1.7.12

ciscoadaptive_security_appliance_softwareMatch9.2.1

ciscoadaptive_security_appliance_softwareMatch9.2.2

ciscoadaptive_security_appliance_softwareMatch9.2.2.4

ciscoadaptive_security_appliance_softwareMatch9.2.2.7

ciscoadaptive_security_appliance_softwareMatch9.2.3

ciscoadaptive_security_appliance_softwareMatch9.2.2.8

ciscoadaptive_security_appliance_softwareMatch9.2.3.3

ciscoadaptive_security_appliance_softwareMatch9.2.3.4

ciscoadaptive_security_appliance_softwareMatch9.2.0.0

ciscoadaptive_security_appliance_softwareMatch9.2.0.104

ciscoadaptive_security_appliance_softwareMatch9.2.3.1

ciscoadaptive_security_appliance_softwareMatch9.2.4

ciscoadaptive_security_appliance_softwareMatch9.2.4.2

ciscoadaptive_security_appliance_softwareMatch9.2.4.4

ciscoadaptive_security_appliance_softwareMatch9.2.4.8

ciscoadaptive_security_appliance_softwareMatch9.2.4.10

ciscoadaptive_security_appliance_softwareMatch9.2.4.13

ciscoadaptive_security_appliance_softwareMatch9.2.4.14

ciscoadaptive_security_appliance_softwareMatch9.2.4.16

ciscoadaptive_security_appliance_softwareMatch9.2.4.17

ciscoadaptive_security_appliance_softwareMatch9.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

ciscoadaptive_security_appliance_softwareMatch9.3.2

ciscoadaptive_security_appliance_softwareMatch9.3.2.2

ciscoadaptive_security_appliance_softwareMatch9.3.3

ciscoadaptive_security_appliance_softwareMatch9.3.5

ciscoadaptive_security_appliance_softwareMatch9.3.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.3.2

ciscoadaptive_security_appliance_softwareMatch9.3.3.5

ciscoadaptive_security_appliance_softwareMatch9.3.3.6

ciscoadaptive_security_appliance_softwareMatch9.3.3.9

ciscoadaptive_security_appliance_softwareMatch9.3.3.10

ciscoadaptive_security_appliance_softwareMatch9.3.3.11

ciscoadaptive_security_appliance_softwareMatch9.4.1

ciscoadaptive_security_appliance_softwareMatch9.4.0.115

ciscoadaptive_security_appliance_softwareMatch9.4.1.1

ciscoadaptive_security_appliance_softwareMatch9.4.2

ciscoadaptive_security_appliance_softwareMatch9.4.1.5

ciscoadaptive_security_appliance_softwareMatch9.4.1.3

ciscoadaptive_security_appliance_softwareMatch9.4.1.2

ciscoadaptive_security_appliance_softwareMatch9.4.2.3

ciscoadaptive_security_appliance_softwareMatch9.4.3

ciscoadaptive_security_appliance_softwareMatch9.4.3.3

ciscoadaptive_security_appliance_softwareMatch9.4.3.4

ciscoadaptive_security_appliance_softwareMatch9.4.3.6

ciscoadaptive_security_appliance_softwareMatch9.4.3.8

ciscoadaptive_security_appliance_softwareMatch9.4.3.11

ciscoadaptive_security_appliance_softwareMatch9.4.3.12

ciscoadaptive_security_appliance_softwareMatch9.4.4

ciscoadaptive_security_appliance_softwareMatch9.5.1

ciscoadaptive_security_appliance_softwareMatch9.5.2

ciscoadaptive_security_appliance_softwareMatch9.5.2.6

ciscoadaptive_security_appliance_softwareMatch9.5.2.10

ciscoadaptive_security_appliance_softwareMatch9.5.2.14

ciscoadaptive_security_appliance_softwareMatch9.5.3

ciscoadaptive_security_appliance_softwareMatch9.5.3.2

ciscoadaptive_security_appliance_softwareMatch9.5.3.3

ciscoadaptive_security_appliance_softwareMatch9.6.0

ciscoadaptive_security_appliance_softwareMatch9.6.1

ciscoadaptive_security_appliance_softwareMatch9.6.1.3

ciscoadaptive_security_appliance_softwareMatch9.6.1.5

ciscoadaptive_security_appliance_softwareMatch9.6.1.10

ciscoadaptive_security_appliance_softwareMatch9.6.2

ciscoadaptive_security_appliance_softwareMatch9.6.2.1

ciscoadaptive_security_appliance_softwareMatch9.6.2.2

ciscoadaptive_security_appliance_softwareMatch9.6.2.3

VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.0cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.5cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.6cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	8.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:::::::*
cisco	adaptive_security_appliance_software	8.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:::::::*
cisco	adaptive_security_appliance_software	8.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:::::::*
cisco	adaptive_security_appliance_software	8.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3:::::::*
cisco	adaptive_security_appliance_software	8.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:::::::*
cisco	adaptive_security_appliance_software	8.5	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5:::::::*
cisco	adaptive_security_appliance_software	8.6	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:::::::*
cisco	adaptive_security_appliance_software	8.7	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7:::::::*
cisco	adaptive_security_appliance_software	9.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:::::::*
cisco	adaptive_security_appliance_software	9.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:::::::*