A critical security vulnerability has been identified in the AnyConnect SSL VPN functionality of Cisco’s Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Cisco has released software updates to address this vulnerability. To resolve this issue, it is imperative to apply the update provided by Cisco. If you need assistance with this critical update, Helient is here to help you implement it effectively.
Currently, there are no workarounds that mitigate this issue. We urge you to prioritize this issue to safeguard your network infrastructure.
Vulnerability Details:
- CVE ID: CVE-2023-20042
- Risk Level: Medium
- Impact: Could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
- Affected Products: At the time of publication, this vulnerability impacts Cisco ASA and FTD Software that is configured to use AnyConnect SSL/TLS VPN connections.
Root Cause:
This vulnerability stems from an implementation error within the SSL/TLS session handling process that can prevent the proper release of a session handler under certain conditions. An attacker could exploit this vulnerability by sending specially crafted SSL/TLS traffic to an affected device, thus increasing the likelihood of session handler leaks. A successful exploit could allow the attacker to eventually exhaust the available session handler pool, preventing the establishment of new sessions and causing a DoS condition.
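The leak-then-exhaust pattern described above, modelled as a small C program. This is an added illustration, not Cisco's code: the pool size, the function names and the failed-handshake trigger are assumptions chosen to show the bug class, since the actual condition is not stated here.

```c
#include <stdbool.h>
#include <stdio.h>

#define POOL_SIZE 8            /* constructed pool size, for illustration */

static bool in_use[POOL_SIZE]; /* fixed pool of session handlers */

static int acquire(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!in_use[i]) { in_use[i] = true; return i; }
    return -1;                 /* pool exhausted */
}

static void release(int h) { in_use[h] = false; }

int free_handlers(void) {
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++) n += !in_use[i];
    return n;
}

void reset_pool(void) {
    for (int i = 0; i < POOL_SIZE; i++) in_use[i] = false;
}

/* Leaky form: the early return on a failed handshake skips release(). */
int handle_session_leaky(bool handshake_ok) {
    int h = acquire();
    if (h < 0) return -1;          /* new session refused */
    if (!handshake_ok) return 0;   /* BUG: handler h is never released */
    release(h);                    /* normal teardown */
    return 1;
}

/* Fixed form: every exit path after acquire() goes through release(). */
int handle_session_fixed(bool handshake_ok) {
    int h = acquire();
    if (h < 0) return -1;
    int rc = handshake_ok ? 1 : 0;
    release(h);
    return rc;
}

int main(void) {
    for (int i = 0; i < POOL_SIZE; i++) handle_session_leaky(false);
    printf("free after %d failed handshakes: %d\n", POOL_SIZE, free_handlers());
    printf("next valid session: %d\n", handle_session_leaky(true));
    return 0;
}
```

In the leaky form, each failed handshake permanently consumes one handler, so a legitimate session is refused once the pool is empty; the fixed form keeps the pool full no matter how many handshakes fail.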
Workarounds:
There are currently no workarounds for this vulnerability.
Further Information:
For more detailed information about the vulnerability, mitigation strategies, and software updates, please refer to the Cisco Security Advisory.
We recognize the challenges that can accompany implementing critical security updates. That’s why our team of industry-leading networking experts stands ready to offer guidance and support. For a smooth and effective upgrade process, contact us at service@helient.com.