BDU:2025-11706

Опубликовано: 25 сент. 2025

Источник: fstec

CVSS3: 9.9

CVSS2: 9

EPSS Низкий

Описание

Уязвимость веб-сервера VPN микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD) связана с копированием буфера без проверки размера входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с правами root путем отправки специально сформированных HTTP-запросов

Вендор

Cisco Systems Inc.

Наименование ПО

Firepower Threat Defense

Adaptive Security Appliance

Версия ПО

6.2.3 (Firepower Threat Defense)

6.4.0 (Firepower Threat Defense)

6.2.3.16 (Firepower Threat Defense)

9.8.4.22 (Adaptive Security Appliance)

9.8.4.25 (Adaptive Security Appliance)

9.12.4.2 (Adaptive Security Appliance)

9.14.1.15 (Adaptive Security Appliance)

9.16.1 (Adaptive Security Appliance)

7.0.0 (Firepower Threat Defense)

7.2.0 (Firepower Threat Defense)

7.2.0.1 (Firepower Threat Defense)

9.14.1 (Adaptive Security Appliance)

9.14.1.10 (Adaptive Security Appliance)

9.14.1.19 (Adaptive Security Appliance)

9.14.1.30 (Adaptive Security Appliance)

9.14.2 (Adaptive Security Appliance)

9.14.2.4 (Adaptive Security Appliance)

9.14.2.8 (Adaptive Security Appliance)

9.14.2.13 (Adaptive Security Appliance)

9.14.2.15 (Adaptive Security Appliance)

9.14.3 (Adaptive Security Appliance)

9.14.3.1 (Adaptive Security Appliance)

9.14.3.9 (Adaptive Security Appliance)

9.14.3.13 (Adaptive Security Appliance)

9.14.3.15 (Adaptive Security Appliance)

9.14.3.18 (Adaptive Security Appliance)

6.6.0 (Firepower Threat Defense)

6.6.0.1 (Firepower Threat Defense)

6.6.1 (Firepower Threat Defense)

6.6.3 (Firepower Threat Defense)

6.6.4 (Firepower Threat Defense)

6.6.5 (Firepower Threat Defense)

6.6.5.1 (Firepower Threat Defense)

6.6.5.2 (Firepower Threat Defense)

7.0.0.1 (Firepower Threat Defense)

7.0.1 (Firepower Threat Defense)

7.0.1.1 (Firepower Threat Defense)

7.0.2 (Firepower Threat Defense)

7.0.2.1 (Firepower Threat Defense)

7.0.3 (Firepower Threat Defense)

7.0.4 (Firepower Threat Defense)

7.1.0.1 (Firepower Threat Defense)

7.1.0.2 (Firepower Threat Defense)

9.8.1 (Adaptive Security Appliance)

9.8.1.5 (Adaptive Security Appliance)

9.8.1.7 (Adaptive Security Appliance)

9.8.2 (Adaptive Security Appliance)

9.8.2.8 (Adaptive Security Appliance)

9.8.2.14 (Adaptive Security Appliance)

9.8.2.15 (Adaptive Security Appliance)

9.8.2.17 (Adaptive Security Appliance)

9.8.2.20 (Adaptive Security Appliance)

9.8.2.24 (Adaptive Security Appliance)

9.8.2.26 (Adaptive Security Appliance)

9.8.2.28 (Adaptive Security Appliance)

9.8.2.33 (Adaptive Security Appliance)

9.8.2.35 (Adaptive Security Appliance)

9.8.2.38 (Adaptive Security Appliance)

9.8.3 (Adaptive Security Appliance)

9.8.3.8 (Adaptive Security Appliance)

9.8.3.11 (Adaptive Security Appliance)

9.8.3.14 (Adaptive Security Appliance)

9.8.3.16 (Adaptive Security Appliance)

9.8.3.18 (Adaptive Security Appliance)

9.8.3.21 (Adaptive Security Appliance)

9.8.3.26 (Adaptive Security Appliance)

9.8.3.29 (Adaptive Security Appliance)

9.8.4 (Adaptive Security Appliance)

9.8.4.3 (Adaptive Security Appliance)

9.8.4.7 (Adaptive Security Appliance)

9.8.4.8 (Adaptive Security Appliance)

9.8.4.10 (Adaptive Security Appliance)

9.8.4.12 (Adaptive Security Appliance)

9.8.4.15 (Adaptive Security Appliance)

9.8.4.17 (Adaptive Security Appliance)

9.14.3.11 (Adaptive Security Appliance)

9.14.4.6 (Adaptive Security Appliance)

9.14.4 (Adaptive Security Appliance)

9.14.4.7 (Adaptive Security Appliance)

9.14.4.12 (Adaptive Security Appliance)

9.16.3 (Adaptive Security Appliance)

9.16.3.3 (Adaptive Security Appliance)

9.16.3.14 (Adaptive Security Appliance)

9.17.1 (Adaptive Security Appliance)

9.17.1.7 (Adaptive Security Appliance)

9.17.1.9 (Adaptive Security Appliance)

9.17.1.10 (Adaptive Security Appliance)

9.17.1.11 (Adaptive Security Appliance)

9.17.1.13 (Adaptive Security Appliance)

9.17.1.15 (Adaptive Security Appliance)

9.18.1 (Adaptive Security Appliance)

6.6.7 (Firepower Threat Defense)

9.16.1.28 (Adaptive Security Appliance)

9.16.2 (Adaptive Security Appliance)

9.16.2.3 (Adaptive Security Appliance)

9.16.2.7 (Adaptive Security Appliance)

9.16.2.11 (Adaptive Security Appliance)

9.16.2.13 (Adaptive Security Appliance)

9.16.2.14 (Adaptive Security Appliance)

9.16.3.15 (Adaptive Security Appliance)

9.16.3.19 (Adaptive Security Appliance)

9.16.3.23 (Adaptive Security Appliance)

9.16.4 (Adaptive Security Appliance)

9.16.4.9 (Adaptive Security Appliance)

9.17.1.20 (Adaptive Security Appliance)

9.18.1.3 (Adaptive Security Appliance)

9.18.2 (Adaptive Security Appliance)

9.18.2.5 (Adaptive Security Appliance)

9.18.2.7 (Adaptive Security Appliance)

9.19.1 (Adaptive Security Appliance)

7.0.5 (Firepower Threat Defense)

7.1.0.3 (Firepower Threat Defense)

7.2.1 (Firepower Threat Defense)

7.2.2 (Firepower Threat Defense)

7.2.3 (Firepower Threat Defense)

7.3.0 (Firepower Threat Defense)

7.3.1 (Firepower Threat Defense)

7.3.1.1 (Firepower Threat Defense)

7.2.4 (Firepower Threat Defense)

9.8.4.20 (Adaptive Security Appliance)

9.8.4.26 (Adaptive Security Appliance)

9.8.4.29 (Adaptive Security Appliance)

9.12.1 (Adaptive Security Appliance)

9.12.1.2 (Adaptive Security Appliance)

9.12.1.3 (Adaptive Security Appliance)

9.12.2 (Adaptive Security Appliance)

9.12.2.1 (Adaptive Security Appliance)

9.12.2.4 (Adaptive Security Appliance)

9.12.2.5 (Adaptive Security Appliance)

9.12.2.9 (Adaptive Security Appliance)

9.12.3 (Adaptive Security Appliance)

9.12.3.2 (Adaptive Security Appliance)

9.12.3.7 (Adaptive Security Appliance)

9.12.3.9 (Adaptive Security Appliance)

9.12.4 (Adaptive Security Appliance)

9.12.4.4 (Adaptive Security Appliance)

9.12.4.7 (Adaptive Security Appliance)

9.12.4.8 (Adaptive Security Appliance)

9.12.4.10 (Adaptive Security Appliance)

9.12.4.13 (Adaptive Security Appliance)

9.12.4.18 (Adaptive Security Appliance)

9.12.4.24 (Adaptive Security Appliance)

9.12.4.26 (Adaptive Security Appliance)

9.12.4.29 (Adaptive Security Appliance)

9.12.4.30 (Adaptive Security Appliance)

9.12.4.35 (Adaptive Security Appliance)

9.14.1.6 (Adaptive Security Appliance)

9.8.4.32 (Adaptive Security Appliance)

9.8.4.33 (Adaptive Security Appliance)

9.8.4.34 (Adaptive Security Appliance)

9.8.4.35 (Adaptive Security Appliance)

9.8.4.39 (Adaptive Security Appliance)

9.8.4.40 (Adaptive Security Appliance)

9.8.4.41 (Adaptive Security Appliance)

9.8.4.43 (Adaptive Security Appliance)

9.8.4.44 (Adaptive Security Appliance)

9.8.4.45 (Adaptive Security Appliance)

9.8.4.46 (Adaptive Security Appliance)

9.8.4.48 (Adaptive Security Appliance)

9.12.3.12 (Adaptive Security Appliance)

9.12.4.37 (Adaptive Security Appliance)

9.12.4.38 (Adaptive Security Appliance)

9.12.4.39 (Adaptive Security Appliance)

9.12.4.40 (Adaptive Security Appliance)

9.12.4.41 (Adaptive Security Appliance)

9.12.4.47 (Adaptive Security Appliance)

9.12.4.48 (Adaptive Security Appliance)

9.12.4.50 (Adaptive Security Appliance)

9.12.4.52 (Adaptive Security Appliance)

9.12.4.54 (Adaptive Security Appliance)

9.12.4.55 (Adaptive Security Appliance)

9.12.4.56 (Adaptive Security Appliance)

9.14.4.13 (Adaptive Security Appliance)

9.14.4.14 (Adaptive Security Appliance)

9.14.4.15 (Adaptive Security Appliance)

9.14.4.17 (Adaptive Security Appliance)

9.14.4.22 (Adaptive Security Appliance)

9.14.4.23 (Adaptive Security Appliance)

9.16.4.14 (Adaptive Security Appliance)

9.16.4.18 (Adaptive Security Appliance)

9.17.1.30 (Adaptive Security Appliance)

9.18.2.8 (Adaptive Security Appliance)

9.18.3 (Adaptive Security Appliance)

9.19.1.5 (Adaptive Security Appliance)

9.19.1.9 (Adaptive Security Appliance)

6.2.3.3 (Firepower Threat Defense)

6.2.3.4 (Firepower Threat Defense)

6.2.3.5 (Firepower Threat Defense)

6.2.3.6 (Firepower Threat Defense)

6.2.3.7 (Firepower Threat Defense)

6.2.3.8 (Firepower Threat Defense)

6.2.3.9 (Firepower Threat Defense)

6.2.3.10 (Firepower Threat Defense)

6.2.3.11 (Firepower Threat Defense)

6.2.3.12 (Firepower Threat Defense)

6.2.3.13 (Firepower Threat Defense)

6.2.3.14 (Firepower Threat Defense)

6.2.3.15 (Firepower Threat Defense)

6.2.3.17 (Firepower Threat Defense)

6.2.3.18 (Firepower Threat Defense)

6.4.0.1 (Firepower Threat Defense)

6.4.0.2 (Firepower Threat Defense)

6.4.0.3 (Firepower Threat Defense)

6.4.0.4 (Firepower Threat Defense)

6.4.0.5 (Firepower Threat Defense)

6.4.0.6 (Firepower Threat Defense)

6.4.0.7 (Firepower Threat Defense)

6.4.0.8 (Firepower Threat Defense)

6.4.0.9 (Firepower Threat Defense)

6.4.0.10 (Firepower Threat Defense)

6.4.0.11 (Firepower Threat Defense)

6.4.0.12 (Firepower Threat Defense)

6.4.0.13 (Firepower Threat Defense)

6.4.0.14 (Firepower Threat Defense)

6.4.0.15 (Firepower Threat Defense)

6.4.0.16 (Firepower Threat Defense)

6.6.7.1 (Firepower Threat Defense)

7.1.0 (Firepower Threat Defense)

6.2.3.1 (Firepower Threat Defense)

6.2.3.2 (Firepower Threat Defense)

9.12.4.58 (Adaptive Security Appliance)

9.16.4.19 (Adaptive Security Appliance)

9.16.4.27 (Adaptive Security Appliance)

9.18.3.39 (Adaptive Security Appliance)

9.18.3.46 (Adaptive Security Appliance)

9.19.1.12 (Adaptive Security Appliance)

7.0.6 (Firepower Threat Defense)

9.16.4.38 (Adaptive Security Appliance)

9.18.3.53 (Adaptive Security Appliance)

9.18.3.55 (Adaptive Security Appliance)

9.19.1.18 (Adaptive Security Appliance)

7.2.4.1 (Firepower Threat Defense)

7.2.5 (Firepower Threat Defense)

9.12.4.62 (Adaptive Security Appliance)

9.12.4.65 (Adaptive Security Appliance)

9.16.4.39 (Adaptive Security Appliance)

9.16.4.42 (Adaptive Security Appliance)

9.16.4.48 (Adaptive Security Appliance)

9.16.4.55 (Adaptive Security Appliance)

9.17.1.33 (Adaptive Security Appliance)

9.18.3.56 (Adaptive Security Appliance)

9.18.4 (Adaptive Security Appliance)

9.18.4.5 (Adaptive Security Appliance)

9.18.4.8 (Adaptive Security Appliance)

9.19.1.22 (Adaptive Security Appliance)

9.19.1.24 (Adaptive Security Appliance)

9.19.1.27 (Adaptive Security Appliance)

9.20.1 (Adaptive Security Appliance)

9.20.1.5 (Adaptive Security Appliance)

9.20.2 (Adaptive Security Appliance)

6.4.0.17 (Firepower Threat Defense)

7.0.6.1 (Firepower Threat Defense)

7.2.5.1 (Firepower Threat Defense)

7.4.0 (Firepower Threat Defense)

7.4.1 (Firepower Threat Defense)

7.3.1.2 (Firepower Threat Defense)

6.6.7.2 (Firepower Threat Defense)

9.8.2.45 (Adaptive Security Appliance)

9.14.4.24 (Adaptive Security Appliance)

9.16.4.57 (Adaptive Security Appliance)

9.16.4.61 (Adaptive Security Appliance)

9.17.1.39 (Adaptive Security Appliance)

9.18.4.22 (Adaptive Security Appliance)

9.18.4.24 (Adaptive Security Appliance)

9.18.4.29 (Adaptive Security Appliance)

9.19.1.28 (Adaptive Security Appliance)

9.19.1.31 (Adaptive Security Appliance)

9.20.2.10 (Adaptive Security Appliance)

9.20.2.21 (Adaptive Security Appliance)

9.20.2.22 (Adaptive Security Appliance)

7.0.6.2 (Firepower Threat Defense)

7.2.5.2 (Firepower Threat Defense)

7.2.8.1 (Firepower Threat Defense)

7.4.1.1 (Firepower Threat Defense)

9.12.4.67 (Adaptive Security Appliance)

6.4.0.18 (Firepower Threat Defense)

7.2.6 (Firepower Threat Defense)

7.2.7 (Firepower Threat Defense)

9.16.4.67 (Adaptive Security Appliance)

9.16.4.70 (Adaptive Security Appliance)

9.18.4.40 (Adaptive Security Appliance)

9.20.3 (Adaptive Security Appliance)

9.16.4.62 (Adaptive Security Appliance)

9.18.4.34 (Adaptive Security Appliance)

7.2.8 (Firepower Threat Defense)

7.4.2 (Firepower Threat Defense)

9.20.3.4 (Adaptive Security Appliance)

9.22.1.1 (Adaptive Security Appliance)

7.4.2.1 (Firepower Threat Defense)

7.6.0 (Firepower Threat Defense)

9.16.4.71 (Adaptive Security Appliance)

9.16.4.76 (Adaptive Security Appliance)

9.16.4.82 (Adaptive Security Appliance)

9.22.1.2 (Adaptive Security Appliance)

7.0.6.3 (Firepower Threat Defense)

7.0.7 (Firepower Threat Defense)

7.4.2.2 (Firepower Threat Defense)

7.4.2.3 (Firepower Threat Defense)

9.16.4.84 (Adaptive Security Appliance)

7.0.8 (Firepower Threat Defense)

Тип ПО

ПО программно-аппаратного средства

ПО сетевого программно-аппаратного средства

Операционные системы и аппаратные платформы

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 9)

Критический уровень опасности (базовая оценка CVSS 3.1 составляет 9,9)

Возможные меры по устранению уязвимости

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.

Компенсирующие меры:

- использование команды CLI show running-config для проверки конфигурации устройства на предмет наличия следующих признаков:

для Cisco Secure Firewall ASA:

crypto ikev2 enable <interface name> client-services port <port_numbers>;

webvpn

mus password

mus server enable <port_number>

mus <IPv4_address> <IPv4_mask> <interface_name>;

webvpn

enable <interface_name>;

для Cisco Secure Firewall FTD:

crypto ikev2 enable <interface_name> client-services port <port_number>;

webvpn

enable <interface_name>;

- ограничение доступа к уязвимому устройству, используя схему доступа по «белым спискам»;

- использование систем обнаружения и предотвращения вторжений для обнаружения (выявления, регистрации) и реагирования на попытки эксплуатации уязвимости;

- ограничение доступа к уязвимому устройству из внешних сетей (Интернет).

Использование рекомендаций:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует

Информация об устранении

Уязвимость устранена

Ссылки на источники

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

Идентификаторы других систем описаний уязвимостей

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-20333
CVE

EPSS

Процентиль: 91%

0.06106

Низкий

9.9 Critical

CVSS3

9 Critical

CVSS2

Связанные уязвимости

CVE-2025-20333

CVSS3: 9.9

nvd

5 месяцев назад

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

GHSA-vg93-6w2x-3cvp

CVSS3: 9.9

github

5 месяцев назад

EPSS

Процентиль: 91%

0.06106

Низкий

9.9 Critical

CVSS3

9 Critical

CVSS2