Denial of Service Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense
CVE-2023-20095

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Adaptive Security Appliance (ASA) Software; Cisco Firepower Threat Defense Software
Vendor: CVE Published:; 1 November 2023

What is CVE-2023-20095?

A vulnerability exists in the remote access VPN capabilities of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This flaw can be exploited by an unauthenticated remote attacker through the manipulation of HTTPS requests sent to the device. If successfully exploited, this vulnerability causes resource exhaustion, potentially resulting in a denial of service condition on the affected device, impacting its availability and functionality.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software 9.8.1

Cisco Adaptive Security Appliance (ASA) Software 9.8.1.5

Cisco Adaptive Security Appliance (ASA) Software 9.8.1.7

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Oct 27, 2022