PT-2018-3930 · Cisco · Cisco ASA, Cisco FTD

Published: 2018-10-03 · Updated: 2023-08-15 · CVE-2018-15399

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)
Description

A vulnerability in the TCP syslog module could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The issue is due to a missing boundary check in an internal function. An attacker could exploit this by establishing a man-in-the-middle position and maliciously modifying the TCP header in segments sent from the syslog server to the affected device. This could cause all TCP-based features, including AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS, to stop functioning.
Recommendations

As a temporary workaround, consider restricting access to the TCP syslog module until a patch is available. Restrict access to the affected TCP-based features, such as AnyConnect SSL VPN, clientless SSL VPN, and management connections like Secure Shell (SSH), Telnet, and HTTPS, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

DoS
Allocation of Resources Without Limits
Resource Exhaustion

Related Identifiers

BDU:2023-04845
CVE-2018-15399

Affected Products

Cisco ASA
Cisco FTD