Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability
Vulnerability Description
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
Cisco Firepower Threat Defense和Cisco Adaptive Security Appliances Software 输入验证错误漏洞
Vulnerability Description
Cisco Firepower Threat Defense(FTD)是美国思科(Cisco)公司的一套提供下一代防火墙服务的统一软件。 Cisco Firepower Threat Defense(FTD)和Cisco Adaptive Security Appliances Software(ASA Software) 存在输入验证错误漏洞,该漏洞源于设备在进行基于软件的SSL TLS解密时,对SSL TLS消息验证不足造成的。攻击者可利用该漏洞导致受影响的设备重新加载,从而导致拒绝服务(DoS)条件
CVSS Information
N/A
Vulnerability Type
N/A