CVE-2020-27124

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)

Description: A vulnerability in the SSL/TLS handler could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The issue is due to improper error handling on established SSL/TLS connections. An attacker could exploit this by establishing an SSL/TLS connection and then sending a malicious SSL/TLS message within that connection.

Recommendations: For all affected versions of Cisco Adaptive Security Appliance (ASA) Software, update to the latest software version released by Cisco that addresses this vulnerability. As a temporary workaround, consider restricting access to the SSL/TLS handler until a patch is available. Avoid using the vulnerable SSL/TLS connections until the issue is resolved.