Cisco Bug: CSCvs10138 - ENH ASA/FTD Disable Timestamps for TCP Packets Responded by the Firewall Interfaces
May 15, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: This is an enhancement request to allow the ASA and FTD to disable TCP timestamps for packets destined to their interfaces, in order to prevent the "TCP Timestamp Response" vulnerability finding, which states: "The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps". The symptom is visible in a packet capture: the ACK packet in the response carries a timestamp.

Conditions: Any TCP service is listening on the firewall's data or management interfaces.