Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

high Nessus Plugin ID 200306

Synopsis

The remote device is missing a vendor-supplied security patch

Description

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.

Please see the included Cisco BID and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc94466 and CSCwf62729

See Also

http://www.nessus.org/u?3e1ec90c

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc94466

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf62729

Plugin Details

Severity: High

ID: 200306

File Name: cisco-sa-asaftd-ssl-dos-uu7mV5p6-ftd.nasl

Version: 1.2

Type: local

Family: CISCO

Published: 6/11/2024

Updated: 6/12/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-20006

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:firepower_threat_defense

Required KB Items: installed_sw/Cisco Firepower Threat Defense, Host/Cisco/Firepower

Exploit Ease: No known exploits are available

Patch Publication Date: 6/7/2023

Vulnerability Publication Date: 6/7/2023

Reference Information

CVE: CVE-2023-20006