Security News > 2021 > July > Cisco Patches High-Risk Flaw in ASA, FTD Software
Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance and Firepower Threat Defense software, warning that exploitation could lead to crippling denial-of-service attacks.
In an advisory that carries a 'high-severity' rating, Cisco said the software cryptography module of both ASA and FTD software is affected by a vulnerability exploitable by either a remote authenticated attacker or an unauthenticated attacker in a man-in-the-middle position.
The issue was identified in Cisco ASA software release 9.16.1 and FTD software release 7.0.0 and affects Firepower 2100 Series, Firepower NGFW Virtual, and Adaptive Security Virtual Appliance that are running a vulnerable software version, if specific configuration parameters exist on the device.
According to Cisco, there are no workarounds available to mitigate the vulnerability, but patches are already available to fix it.
Cisco's ASA software is the core operating system for the Cisco ASA family.
The Cisco Firepower FTD combines ASA and Cisco Firepower capabilities in a hardware and software inclusive system.