CVE-2019-12698

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description The issue is related to the WebVPN feature of the software, which is associated with an uncontrolled resource consumption. An unauthenticated, remote attacker could exploit this by sending multiple WebVPN HTTP page load requests for a specific URL, causing increased CPU utilization on the affected device. This could result in a denial of service (DoS) condition, potentially delaying traffic through the device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software, consider restricting access to the WebVPN feature until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, consider disabling the WebVPN HTTP page load request functionality for specific URLs until a fix is provided. As a temporary workaround, consider limiting the number of WebVPN HTTP page load requests from a single source to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.