PT-2017-16098 · Cisco · Cisco ASA, Cisco FTD

Published: 2017-04-19 · Updated: 2023-08-15 · CVE-2017-3793

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions 8.0 through 8.7
Cisco Adaptive Security Appliance (ASA) Software versions 9.0 through 9.6
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description

A vulnerability in the TCP normalizer could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop all further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. This could exhaust the available blocks in the global out-of-order TCP queue, causing the device to drop any further incoming traffic on all interfaces and resulting in a DoS condition.

Recommendations

For Cisco Adaptive Security Appliance (ASA) Software versions 8.0 through 8.7, update to a fixed version to resolve the issue.
For Cisco Adaptive Security Appliance (ASA) Software versions 9.0 through 9.6, update to a fixed version to resolve the issue.
For Cisco Firepower Threat Defense (FTD) Software, at the moment there is no information about a newer version that contains a fix for this vulnerability.

Tags: DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2017-3793

Affected Products: Cisco ASA, Cisco FTD