A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.
2021-04-29T18:15:08.923
2024-11-21T05:44:16.410
Modified
CVSSv3.1: 8.6 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:C
10.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | firepower_threat_defense | < 6.4.0 | Yes |
| Application | cisco | firepower_threat_defense | < 6.6.0 | Yes |
| Application | cisco | firepower_threat_defense_virtual | - | No |
| Hardware | cisco | asa_5512-x | - | No |
| Hardware | cisco | asa_5515-x | - | No |
| Hardware | cisco | asa_5525-x | - | No |
| Hardware | cisco | asa_5545-x | - | No |
| Hardware | cisco | asa_5555-x | - | No |
| Hardware | cisco | firepower_1010 | - | No |
| Hardware | cisco | firepower_1120 | - | No |
| Hardware | cisco | firepower_1140 | - | No |
| Hardware | cisco | firepower_1150 | - | No |
| Hardware | cisco | firepower_2110 | - | No |
| Hardware | cisco | firepower_2120 | - | No |
| Hardware | cisco | firepower_2130 | - | No |
| Hardware | cisco | firepower_2140 | - | No |
| Hardware | cisco | isa_3000 | - | No |