CVE-2025-20134

Summary

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.39affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.40affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.6affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.7affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.41affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.47affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.12affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.48affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.13affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.50affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.14affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.52affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.15affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.54affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.17affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.55affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.22affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.23affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.56affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.58affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.62affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.65affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.12.4.67affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.14.4.24affected
CiscoCisco Firepower Threat Defense Software6.6.5.2affected
CiscoCisco Firepower Threat Defense Software6.4.0.15affected
CiscoCisco Firepower Threat Defense Software6.6.7affected
CiscoCisco Firepower Threat Defense Software6.4.0.16affected
CiscoCisco Firepower Threat Defense Software6.6.7.1affected
CiscoCisco Firepower Threat Defense Software6.4.0.17affected
CiscoCisco Firepower Threat Defense Software6.6.7.2affected
CiscoCisco Firepower Threat Defense Software6.4.0.18affected

Weaknesses

  • CWE-415: Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References