A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Adaptive_security_appliance | Cisco | * | 9.7 (including) |
Firepower_threat_defense | Cisco | * | 6.2.2 (including) |
Firepower_threat_defense | Cisco | 6.2.3 (including) | 6.4.0.13 (excluding) |
Firepower_threat_defense | Cisco | 6.5.0 (including) | 6.6.5 (excluding) |
Firepower_threat_defense | Cisco | 6.7.0 (including) | 6.7.0.3 (excluding) |
Firepower_threat_defense | Cisco | 7.0.0 (including) | 7.0.0 (including) |
Adaptive_security_appliance_software | Cisco | 9.8 (including) | 9.8.4.40 (excluding) |
Adaptive_security_appliance_software | Cisco | 9.9 (including) | 9.12.4.26 (excluding) |
Adaptive_security_appliance_software | Cisco | 9.13 (including) | 9.14.3 (excluding) |
Adaptive_security_appliance_software | Cisco | 9.15 (including) | 9.15.1.17 (excluding) |
Adaptive_security_appliance_software | Cisco | 9.16 (including) | 9.16.1.28 (excluding) |