Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial of Service Vulnerability
TL;DR 📌
A buffer overflow vulnerability has been identified in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software. This vulnerability allows unauthenticated remote attackers to cause a denial of service (DoS) condition. Cisco has released software updates to address this issue, and there are no workarounds available.
What happened 🕵️‍♂️
A vulnerability in the web services interface of Cisco Secure Firewall ASA and FTD Software could allow an unauthenticated, remote attacker to exploit a buffer overflow condition. This occurs due to insufficient boundary checks for specific data provided to the web services interface. An attacker could send a crafted HTTP request to the affected system, leading to a system reload and resulting in a denial of service (DoS).
Affected products 🖥️
The vulnerability affects:
- Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
- Cisco Secure Firewall Threat Defense (FTD) Software
Specific configurations that are vulnerable include:
- Management Web Server Access (http server enable)
- REST API (rest-api image disk0:/rest-api agent for ASA)
- HTTP server enabled for FTD (http server enable)
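To check saved running-configs for the features listed above, the following added example (not part of the original advisory and not Cisco code) flags `http server enable` and `rest-api agent`. The function name `audit`, the sample config, and the use of IPv4 `http <network> <mask> <interface>` access lines as an exposure-triage aid are assumptions of this example.

```python
import re

# Constructed sample running-config; hostname, networks and image name are made up.
SAMPLE_CONFIG = """\
hostname edge-fw-01
http server enable 8443
http 0.0.0.0 0.0.0.0 outside
http 10.20.0.0 255.255.0.0 mgmt
rest-api image disk0:/PLACEHOLDER-image
rest-api agent
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HTTP_ENABLE = re.compile(r"^http server enable(?:\s+(\d+))?$")
HTTP_ALLOW = re.compile(rf"^http ({IPV4}) ({IPV4}) (\S+)$")


def audit(config_text):
    """Report which of the listed features a saved running-config enables."""
    r = {"http_server": False, "port": None, "rest_api_agent": False,
         "allowed": [], "any_source": []}
    for raw in config_text.splitlines():
        line = raw.strip()  # negated "no ..." lines never match the anchored patterns
        m = HTTP_ENABLE.match(line)
        if m:
            r["http_server"] = True
            r["port"] = int(m.group(1) or 443)  # ASA listens on 443 if no port is given
        elif line == "rest-api agent":
            r["rest_api_agent"] = True
        else:
            m = HTTP_ALLOW.match(line)
            if m:  # assumption: access lines used only to triage who can reach the server
                r["allowed"].append(m.groups())
                if m.group(1, 2) == ("0.0.0.0", "0.0.0.0"):
                    r["any_source"].append(m.group(3))
    r["in_scope"] = r["http_server"] or r["rest_api_agent"]
    return r


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Devices reported with `in_scope` true and a non-empty `any_source` list are the ones to patch first.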
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes | 
|---|---|---|
| 1.0 | Initial public release. | 
Workarounds 🧯
There are no workarounds available that address this vulnerability.
Risk in context 🎯
With a CVSS score of 8.6, this vulnerability is rated as High. The affected web services interface is internet-facing and exploitation does not require authentication, making it particularly concerning for organizations. A successful attack reloads the device, so the impact is on availability and needs immediate attention.
Fast facts ⚡
- Vulnerability: Buffer overflow in web services interface
- CVSS Score: 8.6 (High)
- Impact: Denial of Service (DoS)
- Exploitation: Possible via crafted HTTP requests
- Workarounds: None available
- Fixed Software: Updates released by Cisco
For leadership 🧭
This vulnerability poses a High risk to our organization due to its potential for denial of service, which could disrupt operations. The attack vector is internet-facing and does not require authentication, increasing exposure. Immediate remediation is necessary, with a recommendation to patch affected systems within 7 days. The operational impact of patching is expected to be minimal, involving a brief maintenance window with no configuration drift anticipated.
Now: Review affected systems and prioritize patching within 7 days.
Next: Monitor for any signs of exploitation and ensure all systems are updated.
Later: Conduct a review of security policies and configurations to prevent similar vulnerabilities in the future.