CVE-2018-0240

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description Multiple vulnerabilities in the Application Layer Protocol Inspection feature could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device, potentially causing a deadlock condition and resulting in a reload of the device.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software, consider disabling the Application Layer Protocol Inspection feature until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, restrict access to the Application Layer Protocol Inspection feature to minimize the risk of exploitation. As a temporary workaround, consider limiting the volume of traffic inspected by the Application Layer Protocol Inspection feature to prevent a deadlock condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.