Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability
Summary
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incom…
- Scope: This vulnerability affects only Cisco Secure Firewall ASA Software Release 9.20.4.14, regardless of device configuration. The fixed software release for this vulnerability is Cisco Secure Firewall ASA Software Release 9.20.4.19.
- Release 9.20.4.14 (first fixed: 9.20.4.19)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 9.20.4.19
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 9.20.4.14: upgrade to 9.20.4.19.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.