QID 316979
Date Published: 2021-06-17
QID 316979: Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability (cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c)
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to trigger a reload of an affected device,
resulting in a denial of service (DoS) condition.
Affected Products
Cisco products are affected if they are running a vulnerable release of Cisco FTD Software, have an SSL decryption policy enabled, and
are running on one of the following hardware platforms:
ASA 5512-X Adaptive Security Appliance
ASA 5515-X Adaptive Security Appliance
ASA 5525-X Adaptive Security Appliance
ASA 5545-X Adaptive Security Appliance
ASA 5555-X Adaptive Security Appliance
Firepower Threat Defense Virtual (FTDv)
3000 Series Industrial Security Appliances (ISAs) (no support)
Firepower 1000 Series (no support)
Firepower 2100 Series (no support)
Affected Versions:
6.3.0 and later releases prior to 6.4.0
QID detection logic:
The QID checks the Cisco FTD Software version retrieved over an authenticated Unix scan using the "show version" command.
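The following is an added example, not Qualys detection code and not Cisco's, of how the check described above can be reproduced offline: it parses the "Model ... Version ..." line of FTD "show version" output, tests the version against the affected range (6.3.0 up to but not including 6.4.0), matches the model against the listed hardware platforms, and only reports the device as vulnerable when an SSL decryption policy is also enabled. The sample "show version" output is constructed, and the exact model strings FTD prints (in particular the FTDv "Threat Defense for ..." form) are assumptions to adjust to what your devices report.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Affected release range stated in this QID: 6.3.0 and later, prior to 6.4.0.
AFFECTED_FROM = (6, 3, 0)
FIXED_IN = (6, 4, 0)

# Listed hardware platforms, as patterns over the "Model" field of
# "show version". The exact strings are an assumption for this example.
AFFECTED_PLATFORMS = (
    re.compile(r"\bASA55(?:12|15|25|45|55)(?:-X)?\b"),   # ASA 5500-X appliances
    re.compile(r"Threat Defense for \w+"),               # FTDv, e.g. "for VMware"
)

# Matches e.g. "Model : Cisco ASA5515-X Threat Defense (75) Version 6.3.0.1 (Build 85)"
MODEL_RE = re.compile(
    r"^\s*Model\s*:\s*(?P<model>.+?)\s+Version\s+(?P<version>\d+(?:\.\d+)+)",
    re.MULTILINE,
)


class Assessment(NamedTuple):
    model: str
    version: Tuple[int, ...]
    platform_affected: bool
    version_affected: bool
    vulnerable: bool


def parse_version(text: str) -> Tuple[int, ...]:
    """'6.3.0.1' -> (6, 3, 0, 1); tuples compare lexicographically."""
    return tuple(int(part) for part in text.split("."))


def version_in_range(version: Tuple[int, ...],
                     lo: Tuple[int, ...] = AFFECTED_FROM,
                     hi: Tuple[int, ...] = FIXED_IN) -> bool:
    """True when lo <= version < hi, so 6.3.0.1 is inside and 6.4.0 is not."""
    return lo <= version < hi


def assess(show_version_text: str, ssl_decryption_enabled: bool) -> Optional[Assessment]:
    """Apply all three conditions from the advisory; None if output is unparseable."""
    match = MODEL_RE.search(show_version_text)
    if match is None:
        return None
    model = match.group("model")
    version = parse_version(match.group("version"))
    platform_hit = any(p.search(model) for p in AFFECTED_PLATFORMS)
    version_hit = version_in_range(version)
    return Assessment(
        model=model,
        version=version,
        platform_affected=platform_hit,
        version_affected=version_hit,
        vulnerable=platform_hit and version_hit and ssl_decryption_enabled,
    )


# Constructed sample output approximating the FTD "show version" layout.
SAMPLE_ASA5515_630 = """\
-------------------[ firepower ]--------------------
Model                     : Cisco ASA5515-X Threat Defense (75) Version 6.3.0.1 (Build 85)
UUID                      : 1b2c3d4e-0000-0000-0000-000000000000
Rules update version      : 2019-01-01-001-vrt
VDB version               : 309
----------------------------------------------------
"""

SAMPLE_ASA5545_640 = """\
-------------------[ firepower ]--------------------
Model                     : Cisco ASA5545-X Threat Defense (75) Version 6.4.0 (Build 102)
VDB version               : 320
----------------------------------------------------
"""

SAMPLE_FTDV_630 = """\
-------------------[ firepower ]--------------------
Model                     : Cisco Firepower Threat Defense for VMware (75) Version 6.3.0 (Build 83)
VDB version               : 309
----------------------------------------------------
"""

if __name__ == "__main__":
    for name, text, ssl_on in (
        ("ASA5515-X 6.3.0.1, SSL decryption on", SAMPLE_ASA5515_630, True),
        ("ASA5545-X 6.4.0, SSL decryption on", SAMPLE_ASA5545_640, True),
        ("FTDv 6.3.0, SSL decryption off", SAMPLE_FTDV_630, False),
    ):
        print(name, "->", assess(text, ssl_on))
```

The SSL decryption policy state is passed in as a flag because "show version" does not report it; in practice it has to come from the policy deployed by the management center, and a scanner that keys only on the version string (as the QID does) will flag devices on 6.3.x regardless of that policy.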
A successful exploit could allow the attacker to cause a process to crash.
This crash would then trigger a reload of the device.
No manual intervention is needed to recover the device after the reload.
Customers are advised to refer to cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c for more information.
- cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c
CVEs related to QID 316979
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c | Cisco Firepower Threat Defense (FTD) Software | SSL decryption policy (software-based SSL/TLS message handler) | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c |