Vulnerability-Lookup

CVE-2025-20134 (GCVE-0-2025-20134)

Vulnerability from cvelistv5 – Published: 2025-08-14 16:28 – Updated: 2025-08-19 21:41

Title

Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability

Summary

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-415 - Double Free

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco Adaptive Security Appliance (ASA) Software

Affected: 9.12.4.39
Affected: 9.12.4.40
Affected: 9.14.4.6
Affected: 9.14.4.7
Affected: 9.12.4.41
Affected: 9.12.4.47
Affected: 9.14.4.12
Affected: 9.12.4.48
Affected: 9.14.4.13
Affected: 9.12.4.50
Affected: 9.14.4.14
Affected: 9.12.4.52
Affected: 9.14.4.15
Affected: 9.12.4.54
Affected: 9.14.4.17
Affected: 9.12.4.55
Affected: 9.14.4.22
Affected: 9.14.4.23
Affected: 9.12.4.56
Affected: 9.12.4.58
Affected: 9.12.4.62
Affected: 9.12.4.65
Affected: 9.12.4.67
Affected: 9.14.4.24

Cisco

Cisco Firepower Threat Defense Software

Affected: 6.6.5.2
Affected: 6.4.0.15
Affected: 6.6.7
Affected: 6.4.0.16
Affected: 6.6.7.1
Affected: 6.4.0.17
Affected: 6.6.7.2
Affected: 6.4.0.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T18:42:13.832362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-14T19:21:52.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "9.12.4.39"
            },
            {
              "status": "affected",
              "version": "9.12.4.40"
            },
            {
              "status": "affected",
              "version": "9.14.4.6"
            },
            {
              "status": "affected",
              "version": "9.14.4.7"
            },
            {
              "status": "affected",
              "version": "9.12.4.41"
            },
            {
              "status": "affected",
              "version": "9.12.4.47"
            },
            {
              "status": "affected",
              "version": "9.14.4.12"
            },
            {
              "status": "affected",
              "version": "9.12.4.48"
            },
            {
              "status": "affected",
              "version": "9.14.4.13"
            },
            {
              "status": "affected",
              "version": "9.12.4.50"
            },
            {
              "status": "affected",
              "version": "9.14.4.14"
            },
            {
              "status": "affected",
              "version": "9.12.4.52"
            },
            {
              "status": "affected",
              "version": "9.14.4.15"
            },
            {
              "status": "affected",
              "version": "9.12.4.54"
            },
            {
              "status": "affected",
              "version": "9.14.4.17"
            },
            {
              "status": "affected",
              "version": "9.12.4.55"
            },
            {
              "status": "affected",
              "version": "9.14.4.22"
            },
            {
              "status": "affected",
              "version": "9.14.4.23"
            },
            {
              "status": "affected",
              "version": "9.12.4.56"
            },
            {
              "status": "affected",
              "version": "9.12.4.58"
            },
            {
              "status": "affected",
              "version": "9.12.4.62"
            },
            {
              "status": "affected",
              "version": "9.12.4.65"
            },
            {
              "status": "affected",
              "version": "9.12.4.67"
            },
            {
              "status": "affected",
              "version": "9.14.4.24"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.6.5.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.15"
            },
            {
              "status": "affected",
              "version": "6.6.7"
            },
            {
              "status": "affected",
              "version": "6.4.0.16"
            },
            {
              "status": "affected",
              "version": "6.6.7.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.17"
            },
            {
              "status": "affected",
              "version": "6.6.7.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "Double Free",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T21:41:44.731Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-asaftd-ssltls-dos-eHw76vZe",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asaftd-ssltls-dos-eHw76vZe",
        "defects": [
          "CSCwk44159"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20134",
    "datePublished": "2025-08-14T16:28:07.782Z",
    "dateReserved": "2024-10-10T19:15:13.212Z",
    "dateUpdated": "2025-08-19T21:41:44.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20134\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-14T18:42:13.832362Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-14T18:42:17.666Z\"}}], \"cna\": {\"title\": \"Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability\", \"source\": {\"defects\": [\"CSCwk44159\"], \"advisory\": \"cisco-sa-asaftd-ssltls-dos-eHw76vZe\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Adaptive Security Appliance (ASA) Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.12.4.39\"}, {\"status\": \"affected\", \"version\": \"9.12.4.40\"}, {\"status\": \"affected\", \"version\": \"9.14.4.6\"}, {\"status\": \"affected\", \"version\": \"9.14.4.7\"}, {\"status\": \"affected\", \"version\": \"9.12.4.41\"}, {\"status\": \"affected\", \"version\": \"9.12.4.47\"}, {\"status\": \"affected\", \"version\": \"9.14.4.12\"}, {\"status\": \"affected\", \"version\": \"9.12.4.48\"}, {\"status\": \"affected\", \"version\": \"9.14.4.13\"}, {\"status\": \"affected\", \"version\": \"9.12.4.50\"}, {\"status\": \"affected\", \"version\": \"9.14.4.14\"}, {\"status\": \"affected\", \"version\": \"9.12.4.52\"}, {\"status\": \"affected\", \"version\": \"9.14.4.15\"}, {\"status\": \"affected\", \"version\": \"9.12.4.54\"}, {\"status\": \"affected\", \"version\": \"9.14.4.17\"}, {\"status\": \"affected\", \"version\": \"9.12.4.55\"}, {\"status\": \"affected\", \"version\": \"9.14.4.22\"}, {\"status\": \"affected\", \"version\": \"9.14.4.23\"}, {\"status\": \"affected\", \"version\": \"9.12.4.56\"}, {\"status\": \"affected\", \"version\": \"9.12.4.58\"}, {\"status\": \"affected\", \"version\": \"9.12.4.62\"}, {\"status\": \"affected\", \"version\": \"9.12.4.65\"}, {\"status\": \"affected\", \"version\": \"9.12.4.67\"}, {\"status\": \"affected\", \"version\": \"9.14.4.24\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Firepower Threat Defense Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.6.5.2\"}, {\"status\": \"affected\", \"version\": \"6.4.0.15\"}, {\"status\": \"affected\", \"version\": \"6.6.7\"}, {\"status\": \"affected\", \"version\": \"6.4.0.16\"}, {\"status\": \"affected\", \"version\": \"6.6.7.1\"}, {\"status\": \"affected\", \"version\": \"6.4.0.17\"}, {\"status\": \"affected\", \"version\": \"6.6.7.2\"}, {\"status\": \"affected\", \"version\": \"6.4.0.18\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe\", \"name\": \"cisco-sa-asaftd-ssltls-dos-eHw76vZe\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\\r\\n\\r\\nThis vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-415\", \"description\": \"Double Free\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-08-19T21:41:44.731Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20134\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-19T21:41:44.731Z\", \"dateReserved\": \"2024-10-10T19:15:13.212Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-08-14T16:28:07.782Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0708

Vulnerability from certfr_avis - Published: 2025-08-18 - Updated: 2025-08-18

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Se référer au bulletin de l'éditeur (cf. section Documentation) pour les systèmes affectés.

References

Title

Publication Time

CVE-2025-20134

Vulnerability from fstec - Published: 14.08.2025

Title

Уязвимость обработчика SSL/TLS микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD), позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость обработчика SSL/TLS микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD) связана с повторным освобождением памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Firepower Threat Defense, Adaptive Security Appliance

Software Version

6.6.5.2 (Firepower Threat Defense), 9.14.4.6 (Adaptive Security Appliance), 9.14.4.7 (Adaptive Security Appliance), 9.14.4.12 (Adaptive Security Appliance), 6.6.7 (Firepower Threat Defense), 9.12.4.39 (Adaptive Security Appliance), 9.12.4.40 (Adaptive Security Appliance), 9.12.4.41 (Adaptive Security Appliance), 9.12.4.47 (Adaptive Security Appliance), 9.12.4.48 (Adaptive Security Appliance), 9.12.4.50 (Adaptive Security Appliance), 9.12.4.52 (Adaptive Security Appliance), 9.12.4.54 (Adaptive Security Appliance), 9.12.4.55 (Adaptive Security Appliance), 9.12.4.56 (Adaptive Security Appliance), 9.14.4.13 (Adaptive Security Appliance), 9.14.4.14 (Adaptive Security Appliance), 9.14.4.15 (Adaptive Security Appliance), 9.14.4.17 (Adaptive Security Appliance), 9.14.4.22 (Adaptive Security Appliance), 9.14.4.23 (Adaptive Security Appliance), 6.4.0.15 (Firepower Threat Defense), 6.4.0.16 (Firepower Threat Defense), 6.6.7.1 (Firepower Threat Defense), 9.12.4.58 (Adaptive Security Appliance), 9.12.4.62 (Adaptive Security Appliance), 9.12.4.65 (Adaptive Security Appliance), 6.4.0.17 (Firepower Threat Defense), 6.6.7.2 (Firepower Threat Defense), 9.14.4.24 (Adaptive Security Appliance), 9.12.4.67 (Adaptive Security Appliance), 6.4.0.18 (Firepower Threat Defense)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe

CWE

CWE-415

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.6.5.2 (Firepower Threat Defense), 9.14.4.6 (Adaptive Security Appliance), 9.14.4.7 (Adaptive Security Appliance), 9.14.4.12 (Adaptive Security Appliance), 6.6.7 (Firepower Threat Defense), 9.12.4.39 (Adaptive Security Appliance), 9.12.4.40 (Adaptive Security Appliance), 9.12.4.41 (Adaptive Security Appliance), 9.12.4.47 (Adaptive Security Appliance), 9.12.4.48 (Adaptive Security Appliance), 9.12.4.50 (Adaptive Security Appliance), 9.12.4.52 (Adaptive Security Appliance), 9.12.4.54 (Adaptive Security Appliance), 9.12.4.55 (Adaptive Security Appliance), 9.12.4.56 (Adaptive Security Appliance), 9.14.4.13 (Adaptive Security Appliance), 9.14.4.14 (Adaptive Security Appliance), 9.14.4.15 (Adaptive Security Appliance), 9.14.4.17 (Adaptive Security Appliance), 9.14.4.22 (Adaptive Security Appliance), 9.14.4.23 (Adaptive Security Appliance), 6.4.0.15 (Firepower Threat Defense), 6.4.0.16 (Firepower Threat Defense), 6.6.7.1 (Firepower Threat Defense), 9.12.4.58 (Adaptive Security Appliance), 9.12.4.62 (Adaptive Security Appliance), 9.12.4.65 (Adaptive Security Appliance), 6.4.0.17 (Firepower Threat Defense), 6.6.7.2 (Firepower Threat Defense), 9.14.4.24 (Adaptive Security Appliance), 9.12.4.67 (Adaptive Security Appliance), 6.4.0.18 (Firepower Threat Defense)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10352",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-20134",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firepower Threat Defense, Adaptive Security Appliance",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 SSL/TLS \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 Cisco Adaptive Security Appliance (ASA) \u0438 Cisco Firepower Threat Defense (FTD), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 (CWE-415)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 SSL/TLS \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 Cisco Adaptive Security Appliance (ASA) \u0438 Cisco Firepower Threat Defense (FTD) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u043c \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-415",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

GHSA-WMCM-X4V8-VF3R

Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31

Details

This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T17:15:34Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to improper parsing of\u0026nbsp;SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",
  "id": "GHSA-wmcm-x4v8-vf3r",
  "modified": "2025-08-14T18:31:29Z",
  "published": "2025-08-14T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20134"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-20134

Vulnerability from fkie_nvd - Published: 2025-08-14 17:15 - Updated: 2025-08-19 22:15

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de certificados del software Cisco Secure Firewall Adaptive Security Appliance (ASA) y del software Cisco Secure Firewall Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado reinicie el dispositivo inesperadamente, lo que resulta en una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un an\u00e1lisis incorrecto de certificados SSL/TLS. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un certificado SSL/TLS manipulado a un sistema afectado a trav\u00e9s de un socket SSL/TLS en espera. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante reinicie el dispositivo, lo que resulta en una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2025-20134",
  "lastModified": "2025-08-19T22:15:27.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-14T17:15:34.637",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20134 (GCVE-0-2025-20134)

CERTFR-2025-AVI-0708

Solutions

CVE-2025-20134

GHSA-WMCM-X4V8-VF3R

FKIE_CVE-2025-20134

Tags

Sightings

Nomenclature