A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote malicious user to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the malicious user to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.

| Vulnerable Product |
|---|
| cisco firepower_threat_defense |
| cisco asa_5505_firmware 9.12(2.12) |
| cisco asa_5505_firmware 9.13(0.33) |
| cisco asa_5510_firmware 9.12(2.12) |
| cisco asa_5510_firmware 9.13(0.33) |
| cisco asa_5512-x_firmware 9.12(2.12) |
| cisco asa_5512-x_firmware 9.13(0.33) |
| cisco asa_5515-x_firmware 9.12(2.12) |
| cisco asa_5515-x_firmware 9.13(0.33) |
| cisco asa_5520_firmware 9.12(2.12) |
| cisco asa_5520_firmware 9.13(0.33) |
| cisco asa_5525-x_firmware 9.12(2.12) |
| cisco asa_5525-x_firmware 9.13(0.33) |
| cisco asa_5540_firmware 9.12(2.12) |
| cisco asa_5540_firmware 9.13(0.33) |
| cisco asa_5545-x_firmware 9.12(2.12) |
| cisco asa_5545-x_firmware 9.13(0.33) |
| cisco asa_5550_firmware 9.12(2.12) |
| cisco asa_5550_firmware 9.13(0.33) |
| cisco asa_5555-x_firmware 9.12(2.12) |
| cisco asa_5555-x_firmware 9.13(0.33) |
| cisco asa_5580_firmware 9.12(2.12) |
| cisco asa_5580_firmware 9.13(0.33) |
| cisco asa_5585-x_firmware 9.12(2.12) |
| cisco asa_5585-x_firmware 9.13(0.33) |

Switchzilla issues a whopping 30+ patches in time for the long UK weekend
Cisco has emitted a fresh round of software updates to address nearly three dozen security holes in its products. The patches, released over May 6 and 7, include 12 issues considered high-severity bugs, and another 22 classified as moderate severity. One of the holes has two CVE numbers assigned to it, so that's a total of 35 CVE-listed security vulnerabilities. Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, p...