PT-2025-39422 · Cisco · Cisco IOS XR +4

Published 2025-09-25 · Updated 2025-09-28 · CVE-2025-20363

CVSS v3.1: 9.0
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Cisco Secure Firewall Threat Defense (FTD) Software

Cisco IOS Software

Cisco IOS XE Software

Cisco IOS XR Software

**Description**

A flaw exists in the web services of the listed Cisco products due to improper validation of user-supplied input in HTTP requests. This can allow an unauthenticated, remote attacker (in the case of ASA and FTD Software) or an authenticated, remote attacker with low privileges (in the case of IOS, IOS XE, and IOS XR Software) to execute arbitrary code on the affected device. Successful exploitation could lead to complete device compromise.

The vulnerability has been exploited in zero-day attacks by a threat actor known as ArcaneDoor, potentially linked to a Chinese hacking group, deploying malware such as RayInitiator and LINE VIPER.

The vulnerability is triggered by sending crafted HTTP requests to a targeted web service. The affected API endpoints are not explicitly specified; the improperly validated user-supplied input is carried in the HTTP request itself.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-11752
CVE-2025-20363

Affected Products

Cisco IOS
Cisco IOS XE
Cisco IOS XR
Cisco Secure Firewall Adaptive Security Appliance (ASA)
Cisco Secure Firewall Threat Defense (FTD)