[CIVN-2025-0190] SSL/TLS Certificate Denial of Service Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Cisco Secure Firewall ASA Software Release 9.15 or earlier or Secure FTD Software Release 6.7
Overview
A vulnerability has been reported in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software which could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating Cisco Secure Firewall ASA Software and Secure FTD Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket.
Successful exploitation of this vulnerability could allow the attacker to cause the device to reload, resulting in a DoS condition.
Solution
Apply the appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe
CVE Name
CVE-2025-20134
CVE-2025-20136
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003