CVE-2017-3793 — Uncontrolled Resource Consumption in Cisco Adaptive Security Appliance Software

CWE-399 CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 38.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedApr 20

Latest updateMay 13

Description

A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software253 versions+252

🔴Vulnerability Details

GHSA

GHSA-4p4v-vxhg-4mmr: A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8↗2022-05-13

▶

CVEList

CVE-2017-3793: A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8↗2017-04-20

▶

📋Vendor Advisories

Cisco

Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability↗2017-04-19

▶