Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software [“#fs”] section of this advisory. See the Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy”] for additional information.
A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation when the affected software processes certain OSPFv2 packets with Link-Local Signaling (LLS) data. An attacker could exploit this vulnerability by sending a malformed OSPFv2 packet to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospflls-37Xy2q6r [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospflls-37Xy2q6r”]
This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 17 Cisco Security Advisories that describe 17 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: October 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74302”].
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_adaptive_security_appliance_\(asa\)_software | 9.8 | cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8:*:*:*:*:*:*:* |
cisco | cisco_adaptive_security_appliance_\(asa\)_software | 9.12 | cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.12:*:*:*:*:*:*:* |
cisco | firepower_2100_firmware | any | cpe:2.3:o:cisco:firepower_2100_firmware:any:*:*:*:*:*:*:* |
cisco | asa_5500-x_series_ips_ssp_software | any | cpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:any:*:*:*:*:*:*:* |
cisco | industrial_security_appliances_3000_firmware | any | cpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:*:*:*:*:*:*:* |
cisco | firepower_9000_firmware | any | cpe:2.3:o:cisco:firepower_9000_firmware:any:*:*:*:*:*:*:* |
cisco | firepower_4100_next-generation_firewall_firmware | any | cpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:* |
cisco | adaptive_security_virtual_appliance | any | cpe:2.3:a:cisco:adaptive_security_virtual_appliance:any:*:*:*:*:*:*:* |
cisco | firepower_threat_defense_software | 6.2 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.2:*:*:*:*:*:*:* |
cisco | cisco_adaptive_security_appliance_\(asa\)_software | 9.8.1.7 | cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:9.8.1.7:*:*:*:*:*:*:* |