Fabio Streun

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in the implementation of the Datagram TLS (DTLS) protocol could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This is due to suboptimal processing when establishing a DTLS tunnel as part of an AnyConnect SSL VPN connection. An attacker could exploit this by sending crafted DTLS traffic to an affected device, potentially exhausting resources on the VPN headend device and causing existing DTLS tunnels to stop passing traffic. The device recovers when the attack traffic stops. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.