PT-2025-39421 · Cisco · Cisco Secure Firewall ASA +1

Published: 2025-09-25 · Updated: 2025-09-28 · CVE-2025-20362

CVSS v3.1: 6.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

**Name of the Vulnerable Software and Affected Versions**

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software versions prior to 9.12

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software versions 9.12 and 9.14

**Description**

A flaw exists in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It is caused by missing authorization checks, which allow an unauthenticated remote attacker to access restricted URL endpoints related to remote access VPN functionality, that is, resources that should require authentication. An attacker exploits the flaw by sending specially crafted HTTP requests to the targeted web server. Reports indicate active exploitation of this issue, with potential compromise of critical infrastructure systems. The Cisco PSIRT is aware of ongoing exploitation attempts.

**Recommendations**

For versions prior to 9.12, apply the necessary updates to address the authorization issue.

For versions 9.12 and 9.14, install the security patch available on the Cisco software downloads portal.

Fix

**Weakness Enumeration**

Missing Authorization

**Related Identifiers**

BDU:2025-11751
CVE-2025-20362

**Affected Products**

Cisco Secure Firewall ASA
Cisco Secure Firewall Threat Defense