CVE-2018-0231

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A vulnerability in the Transport Layer Security (TLS) library could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. This could allow the attacker to cause a buffer underflow, triggering a crash on an affected device.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software, consider disabling the SSL services on interfaces until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, restrict access to the TLS library to minimize the risk of exploitation. As a temporary workaround, consider blocking incoming TLS messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.