CVE-2022-20927

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

Severity	HIGH
CVSS	7.7
CWE	CWE-120
KEV
Published	3 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco Secure Firewall Threat Defense (FTD) Software	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco Firepower Threat Defense Software	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco Firepower 9000 Series	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco Firepower 4100 Series	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco FirePOWER Services Software for ASA	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln
Cisco ASA 5500-X Series Firewalls	cisco-sa-ssl-client-dos-cCrQPkA	Cisco OpenVuln