[CIVN-2025-0298] Denial of Service Vulnerability in CISCO

Published On: November 7, 2025

Denial of Service Vulnerability in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Secure Firewall ASA Software or Cisco Secure FTD Software
Overview
A vulnerability has been reported in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software which could allow an unauthenticated, remote attacker to access restricted URL endpoints related to remote access VPN that should otherwise be inaccessible without authentication.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device.
Successful exploitation of this vulnerability could allow the attacker to access a restricted URL without authentication.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
CVE Name
CVE-2025-20362
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003