Vulnerabilities in Cisco ASA and FTD Software
Cisco disclosed three vulnerabilities in the management and VPN web servers for its Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software products. The web services denial-of-service vulnerability allows an attacker to cause a DoS condition by sending a crafted HTTP request to the web server on a targeted device. A successful exploit would result in an unexpected reload of the device. This vulnerability is due to incomplete error checking when parsing an HTTP header. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all system and network administrators to review and apply the appropriate patches. The details of the updates are:
- Update for Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
- Update for Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability
- Update for Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability