CVE-2025-20127

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices (affected versions not specified)

Description: A flaw in the TLS 1.3 implementation for a specific cipher could allow an authenticated, remote attacker to exhaust resources associated with incoming TLS 1.3 connections. This could lead to a denial-of-service (DoS) condition where the device stops accepting new SSL/TLS or VPN requests. The issue is due to the implementation of the TLS 1.3 Cipher TLS CHACHA20 POLY1305 SHA256. An attacker can exploit this by sending a large number of TLS 1.3 connections using the specific cipher. The device must be reloaded to resolve the condition. This affects both data traffic and user-management traffic.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.