Preview Tool

Cisco Bug: CSCuq68888 - Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

Crafted HTTP request may cause the 64K Blocks depletion

webvpn needs to be enabled. This can be verified by doing show run webvpn and checking if webvpn enable command is present.
Block depletion can be checked by executing show block at regular interval
The following syslog is created when the memory block goes below the acceptable threashold
ASA-3-321007: System is low on free memory blocks of size 65536 (0 CNT out of 16 MAX)
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.