Name of the Vulnerable Software and Affected Versions
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software versions prior to and including v9.22.x, including v9.8.x, v9.12.x, v9.14.x, v9.16.x, v9.17.x, v9.18.x, v9.19.x, and v9.20.x
Cisco Secure Firewall Threat Defense (FTD) Software versions prior to and including v7.7.x, including v7.0.x, v7.2.x, v7.4.x, v7.6.x
Description
A flaw exists in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This issue is due to improper validation of user-supplied input in HTTP(S) requests, specifically a buffer overflow without size checking. Successful exploitation could allow an authenticated, remote attacker to execute arbitrary code as root on an affected device, potentially leading to a complete system compromise. Approximately 55,852 systems are currently exposed on the internet. The vulnerability is actively being exploited by threat actors, including state-sponsored groups, to deploy malware such as RayInitiator and LINE VIPER. Exploitation involves sending crafted HTTP requests to the vulnerable VPN web server.
Recommendations
Update Cisco ASA Software to a version later than v9.22.x.
Update Cisco FTD Software to a version later than v7.7.x.