—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability

Advisory ID: cisco-sa-20180418-asa3

Revision: 1.0

For Public Release: 2018 April 18 16:00 GMT

Last Updated: 2018 April 18 16:00 GMT

CVE ID(s): CVE-2018-0231

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJa128AXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz1yEQALDj25ySYsjzBSXgrKQ7O+b/UJEG
S654UD6pKtW8fn5dF8eEYwh6RkQ7yGZDKkMtsKlc3SzXxMn7zsZ40C5z3plmt28u
TbkbmkWXBhtQuvIGad309tFGFX9q3fs8yvfjq4iUIFGPRBT/lNWo57XiZGtQ7mcX
zvPNf4/RgccrvvA2hyy5f8Df2ByfvwkwD1fhTUKccL34j24s/lJp6hs+FgctED/f
nTSB0S1CzExdsCU8KR2q3LVqlxl/Doj6n6MuqO422wrwzDVF9sdXpN9Os/3abavc
mzpo0FYfDYrNQ0PKjEJbHd4ESYZmwl0GlxboL6JGqBwhAueNPalhvYOoTcvDKyyk
y0DcJWq7Ehz1mImNjr1L1eDuEKFHZDbCkRlKo+3R2gdyHaXh/FaL3gWtr+uNGqeW
hZl0piAIdpWIv3AUZtzV5X6fLHaA4Yv/GW81yl77LxphazH1fMhXeUzFB/SMnTve
107M0D4KcfxOfgPHUa03ZrEPSSUaNhmRzHvXHWzbvdLlN8A391kvLKESKLqdv/G4
Uz/uhLbBLPYw1Iu0KJM3t+IiKQEwZPIBRJT1zJrfz/TYw8WqsWFXZbw/cb6IOMtL
HkC95b0hiY7wfMQX/2lWD03xkix++8yQNanpkeyu3KDzwcbsy82orseNSFZtmKH+
9TNTmcwNuQIIwJF4
=ZH9o
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com