Vulnerability identifier: #VU62667
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
Vendor: Cisco Systems, Inc
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the web services interface for remote access VPN feature. A remote attacker can send specially crafted HTTP requests to the device and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
Cisco Adaptive Security Appliance (ASA): 9.12 - 126.96.36.199
Cisco Firepower Threat Defense (FTD): 7.0.0 - 7.0.1, 6.7.0 - 188.8.131.52, 6.6.0 - 6.6.5, 6.5.0 - 184.108.40.206, 6.4.0 - 220.127.116.11, 6.3.0 - 18.104.22.168, 6.2.3 - 22.214.171.124, 6.2.2 - 126.96.36.199
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.