漏洞标题
Cisco 自适应安全设备软件和火力威胁防御软件基于软件的 SSL/TLS 拒绝服务漏洞
漏洞描述信息
Cisco自适应安全设备软件和Firepower威胁防御软件基于软件的SSL/TLS拒绝服务漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability
漏洞描述信息
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
漏洞类别
内存缓冲区边界内操作的限制不恰当
漏洞标题
Cisco Firepower Threat Defense和Cisco Adaptive Security Appliances Software 输入验证错误漏洞
漏洞描述信息
Cisco Firepower Threat Defense(FTD)是美国思科(Cisco)公司的一套提供下一代防火墙服务的统一软件。 Cisco Firepower Threat Defense(FTD)和Cisco Adaptive Security Appliances Software(ASA Software) 存在输入验证错误漏洞,该漏洞源于设备在进行基于软件的SSL TLS解密时,对SSL TLS消息验证不足造成的。攻击者可利用该漏洞导致受影响的设备重新加载,从而导致拒绝服务(DoS)条件
CVSS信息
N/A
漏洞类别
输入验证错误