We advise users with Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) that there has been a vulnerability detected in their management and web servers that could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
Cisco has released a software fix for this vulnerability which can be found here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2.
According to Cisco, this vulnerability is due to incomplete error checking when parsing an HTTP header, which can be exploited by an attacker through a crafted HTTP request to a targeted web server on a device, It was also determined that apart from the DoS condition, attackers may also implant malware, execute unauthorized commands, and potentially exfiltrate data from the compromised devices as a result of this vulnerability.
The vulnerability has been detected in certain software configurations in the ASA and FTD. According to Cisco, “To determine whether a device that is running Cisco ASA Software or FTD Software is affected, use the show asp table socket | include SSL command and look for an SSL listen socket on any TCP port. If a socket is present in the output, the device should be considered vulnerable.”
Customers can also verify their exposure to the vulnerability by accessing the Cisco Software Checker tool which identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each .If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies.