CVE-2020-3436

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A vulnerability in the web services interface could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, leading to an unexpected device reload. The issue exists due to the software's inability to efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this by uploading files to those folders, potentially causing a denial of service (DoS) condition by triggering a watchdog timeout.

Recommendations For Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software, consider restricting access to the web services interface as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.