CVE-2010-4679

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) 5500 series devices versions prior to 8.2(3)

Description The issue is related to the improper handling of Online Certificate Status Protocol (OCSP) connection failures. This allows remote OCSP responders to cause a denial of service by rejecting connection attempts, leading to TCP socket exhaustion.

Recommendations For versions prior to 8.2(3), update to version 8.2(3) or later to resolve the issue. As a temporary workaround, consider restricting access to OCSP responders to minimize the risk of exploitation.