Lucene search

CiscoCISCO-SA-ASAFTD-FILEUP-DOS-ZVC7WTYS

HistoryOct 21, 2020 - 4:00 p.m.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability

2020-10-2116:00:00

tools.cisco.com

cisco

adaptive security appliance

firepower threat defense

web services

file upload

denial of service

vulnerability

remote attacker

software update

advisory

october 2020

folders

watchdog timeout

security

cisco event response

EPSS

0.001

Percentile

49.9%

JSON

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software [“#fs”] section of this advisory. See the Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy”] for additional information.

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload.

The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys”]

This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 17 Cisco Security Advisories that describe 17 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: October 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74302”].

Affected configurations

Vulners

Node

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.14

ciscofirepower_2100_firmwareMatchany

ciscoasa_5500-x_series_ips_ssp_softwareMatchany

ciscoindustrial_security_appliances_3000_firmwareMatchany

ciscofirepower_9000_firmwareMatchany

ciscoadaptive_security_virtual_applianceMatchany

ciscofirepower_threat_defense_softwareMatch6.2

ciscofirepower_4100_next-generation_firewall_firmwareMatchany

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.1.7

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.15

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.17

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.26

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.2.38

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.3.18

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4.10

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.4.12

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12.1.3

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12.3.7

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.14.1

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch3000_series_industrial_security_appliances_\(isa\)

ciscoadaptive_security_appliance_softwareMatch9000_series

ciscoadaptive_security_virtual_applianceMatchany

ciscofirepower_threat_defense_softwareMatch6.2.3

ciscofirepower_threat_defense_softwareMatch4100_series

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.8.1.7_when_installed_on_cisco_adaptive_security_virtual_appliance_\(asav\)

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscoadaptive_security_appliance_softwareMatch9000_series

ciscoadaptive_security_appliance_softwareMatch3000_series_industrial_security_appliances_\(isa\)

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscoasaMatch5500-x_series_firewalls

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatch9.12.1.3_when_installed_on_cisco_adaptive_security_virtual_appliance_\(asav\)

ciscoadaptive_security_appliance_softwareMatch3000_series_industrial_security_appliances_\(isa\)

ciscoadaptive_security_appliance_softwareMatch2100_series

ciscofirepower_threat_defense_softwareMatch4100_series

VendorProductVersionCPE
ciscocisco_adaptive_security_appliance_\(asa\)_software9.8cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.12cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_software9.14cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.14:*:*:*:*:*:*:*
ciscofirepower_2100_firmwareanycpe:2.3:o:cisco:firepower_2100_firmware:any:*:*:*:*:*:*:*
ciscoasa_5500-x_series_ips_ssp_softwareanycpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:any:*:*:*:*:*:*:*
ciscoindustrial_security_appliances_3000_firmwareanycpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:*:*:*:*:*:*:*
ciscofirepower_9000_firmwareanycpe:2.3:o:cisco:firepower_9000_firmware:any:*:*:*:*:*:*:*
ciscoadaptive_security_virtual_applianceanycpe:2.3:a:cisco:adaptive_security_virtual_appliance:any:*:*:*:*:*:*:*
ciscofirepower_threat_defense_software6.2cpe:2.3:a:cisco:firepower_threat_defense_software:6.2:*:*:*:*:*:*:*
ciscofirepower_4100_next-generation_firewall_firmwareanycpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.8	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.12	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:::::::*
cisco	cisco_adaptive_security_appliance_\(asa\)_software	9.14	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.14:::::::*
cisco	firepower_2100_firmware	any	cpe:2.3:o:cisco:firepower_2100_firmware:any:::::::*
cisco	asa_5500-x_series_ips_ssp_software	any	cpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:any:::::::*
cisco	industrial_security_appliances_3000_firmware	any	cpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:::::::*
cisco	firepower_9000_firmware	any	cpe:2.3:o:cisco:firepower_9000_firmware:any:::::::*
cisco	adaptive_security_virtual_appliance	any	cpe:2.3:a:cisco:adaptive_security_virtual_appliance:any:::::::*
cisco	firepower_threat_defense_software	6.2	cpe:2.3:a:cisco:firepower_threat_defense_software:6.2:::::::*
cisco	firepower_4100_next-generation_firewall_firmware	any	cpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:::::::*