[CIVN-2025-0189] Remote Access VPN Web Server Denial of Service Vulnerability in CISCO

Published On: August 23, 2025

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Cisco Secure Firewall ASA Software and Secure FTD Software
Overview
Multiple vulnerabilities have been reported in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. They could allow a remote attacker who is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating Cisco Secure Firewall ASA Software and Secure FTD Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
These vulnerabilities exist due to incomplete error checking when parsing an HTTP header field value, ineffective validation of user-supplied input during the Remote Access SSL VPN authentication process and improper validation of user-supplied input on an interface with VPN web services. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device.
Successful exploitation of these vulnerabilities could allow the attacker to cause a DoS condition, in which the affected device reloads and stops responding to Remote Access SSL VPN authentication requests.
Solution
Apply the appropriate updates as mentioned in the Cisco advisories:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e
CVE Name
CVE-2025-20244
CVE-2025-20133
CVE-2025-20243
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003