Skip to main content

Vulnerabilities in Cisco ASA and FTD Software

Cisco disclosed three vulnerabilities in its management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software product. The vulnerability allows an attacker to cause a DoS condition by sending a crafted HTTP request to the web server on a targeted device. A successful exploit would result in an unexpected reloading of the device. This vulnerability is due to incomplete error checking when parsing an HTTP header. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all system and network admins to review and implement the appropriate patches. The details of the updates are: