Cisco Bug: CSCvh73829 - Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability

Last Modified

Jul 26, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.8(2)

Description (partial)

Symptom:
A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust the buffers on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS. Note that although the attacker is unauthenticated and remote, exploitation requires a position on the path between the device and its syslog server, not merely reachability of the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos

Conditions:
This vulnerability affects ASA releases 9.6 and later with a TCP syslog server configured.

To determine whether your ASA has a TCP syslog server configured, use the show running-config | inc logging host command and look for lines referencing protocol 6 (i.e., TCP). A logging host line with no protocol field, or with protocol 17 (UDP), does not indicate a TCP syslog server. The following example shows the output of the command for a device that has TCP syslog server 10.1.1.1 configured:

ASA# show running-config | inc logging host
logging host Inside 10.1.1.1 6/1470
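The check above is easy to do by eye on one device, but tedious across a fleet of exported running-configs. The following is an added example, not Cisco tooling and not part of the bug report: it parses `logging host` lines and reports only the TCP (protocol 6) syslog servers, which are the ones that meet the advisory's condition. It assumes the numeric protocol form the running-config prints (6 = TCP, 17 = UDP), also accepts the tcp/udp keyword form, and treats a missing protocol token as the ASA default of UDP/514; the sample config is constructed, not captured from a real device.

```python
import re
from typing import List, Tuple

# Constructed sample output of `show running-config | inc logging host`
# (not captured from a real device; addresses are documentation ranges).
SAMPLE_CONFIG = """\
logging host inside 10.1.1.1 6/1470
logging host inside 10.1.1.2
logging host dmz 192.0.2.10 17/1514
logging host management 10.1.1.3 tcp/1470 format emblem
logging host outside 198.51.100.5 udp/514
"""

# Known ASA defaults: UDP syslog on 514, TCP syslog on 1470.
DEFAULT_PORT = {"udp": 514, "tcp": 1470}

# Accept both the numeric protocol form the running-config prints (6 = TCP,
# 17 = UDP) and the tcp/udp keywords accepted on the CLI. Anything after the
# port (e.g. "format emblem", "secure") is captured in "rest" and ignored.
_LOGGING_HOST_RE = re.compile(
    r"^logging host (?P<iface>\S+) (?P<host>\S+)"
    r"(?: (?P<proto>6|17|tcp|udp)(?:/(?P<port>\d+))?)?"
    r"(?P<rest>.*)$"
)


def parse_logging_hosts(config_text: str) -> List[Tuple[str, str, str, int]]:
    """Return (interface, host, protocol, port) for every `logging host` line."""
    entries = []
    for raw in config_text.splitlines():
        m = _LOGGING_HOST_RE.match(raw.strip())
        if not m:
            continue
        token = m.group("proto")
        # Assumption: a missing protocol token means the ASA default, UDP/514.
        proto = "tcp" if token in ("6", "tcp") else "udp"
        port = int(m.group("port")) if m.group("port") else DEFAULT_PORT[proto]
        entries.append((m.group("iface"), m.group("host"), proto, port))
    return entries


def tcp_syslog_hosts(config_text: str) -> List[Tuple[str, str, int]]:
    """Only the TCP (protocol 6) syslog servers, the ones relevant to this bug."""
    return [(i, h, p) for i, h, proto, p in parse_logging_hosts(config_text)
            if proto == "tcp"]


def has_tcp_syslog(config_text: str) -> bool:
    """True when the device meets the configuration condition from the advisory."""
    return bool(tcp_syslog_hosts(config_text))


if __name__ == "__main__":
    for iface, host, port in tcp_syslog_hosts(SAMPLE_CONFIG):
        print(f"TCP syslog server {host}:{port} via interface {iface}")
    print("TCP syslog configured:", has_tcp_syslog(SAMPLE_CONFIG))
```

Run it against the saved `show running-config | inc logging host` output of each device; a non-empty result means the device meets the configuration condition and its running release should be compared against the advisory's fixed releases (which this page does not list). Entries with protocol 17 or no protocol token are UDP and are reported as not affected by this condition.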