Cisco Bug: CSCvs10138 - ENH ASA/FTD Disable Timestamps for TCP Packets Responded by the Firewall Interfaces

Last Modified

May 15, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(2.13)

Description (partial)

Symptom:
Enhancement to allow the ASA and FTD to disable TCP timestamps for packets destined to their interfaces, to prevent the "TCP Timestamp Response" vulnerability, which states:

"The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps".

The symptom is visible in a packet capture: the ACK packet in the response carries a timestamp.

Conditions:
Any TCP service is listening on the firewall's data or management interfaces.