-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1909
  Cisco Adaptive Security Appliance Software and Firepower Threat Defense
          Software DNS Inspection Denial of Service Vulnerability
                               29 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Adaptive Security Appliance Software
                   Firepower Threat Defense Software
Publisher:         Cisco Systems
Operating System:  Cisco
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-20760  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq

Comment: CVSS (Max):  8.6 CVE-2022-20760 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
         CVSS Source: Cisco Systems
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software DNS Inspection Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-asaftd-dos-nJVAwOeq
First Published: 2022 April 27 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvz76966
CVE Names:       CVE-2022-20760
CWEs:            CWE-400

Summary

  o A vulnerability in the DNS inspection handler of Cisco Adaptive Security
    Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could
    allow an unauthenticated, remote attacker to cause a denial of service
    condition (DoS) on an affected device.

    This vulnerability is due to a lack of proper processing of incoming
    requests. An attacker could exploit this vulnerability by sending crafted
    DNS requests at a high rate to an affected device. A successful exploit
    could allow the attacker to cause the device to stop responding, resulting
    in a DoS condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq

    This advisory is part of the April 2022 release of the Cisco ASA, FTD, and
    FMC Security Advisory Bundled publication. For a complete list of the
    advisories and links to them, see Cisco Event Response: April 2022 Cisco
    ASA, FMC, and FTD Software Security Advisory Bundled Publication .

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco products if they are running a vulnerable
    release of Cisco ASA Software or FTD Software and have DNS inspection
    enabled.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Determine the DNS Inspection Configuration

    Use the show running-config policy-map | include inspect dns command in the
    ASA or FTD device CLI to assess the DNS inspection configuration. The
    following example shows the output of the command on a device that has DNS
    inspection enabled:

        asa# show running-config policy-map | include inspect dns
        inspect dns preset_dns_map

    Alternatively, use the show service-policy | include dns command. The
    following example show the output of the command on a device that has DNS
    inspection enabled:

        ciscoasa# show service-policy | include dns
        Inspect: dns preset_dns_map, packet 0, drop 0, reset-drop 0, v6-fail-close 0

    With both commands, empty output indicates that DNS inspection is not
    enabled.

    Note: DNS inspection is enabled by default.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Firepower
    Management Center (FMC) Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers with service contracts that entitle
    them to regular software updates should obtain security fixes through their
    usual update channels.

    Customers may only install and expect support for software versions and
    feature sets for which they have purchased a license. By installing,
    downloading, accessing, or otherwise using such software upgrades,
    customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    The Cisco Support and Downloads page on Cisco.com provides information
    about licensing and downloads. This page can also display customer device
    support coverage for customers who use the My Devices tool.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    In the following table(s), the left column lists Cisco software releases.
    The center column indicates whether a release is affected by the
    vulnerability described in this advisory and the first release that
    includes the fix for this vulnerability. The right column indicates whether
    a release is affected by any of the Critical or High SIR vulnerabilities
    described in this bundle and which release includes fixes for those
    vulnerabilities.

    Cisco ASA Software

      Cisco ASA   First Fixed Release        First Fixed Release for All
      Software          for This       Vulnerabilities Described in the Bundle
       Release       Vulnerability                  of Advisories
    9.7 and       Migrate to a fixed   Migrate to a fixed release.
    earlier ^1    release.
    9.8           Migrate to a fixed   Migrate to a fixed release.
                  release.
    9.9 ^1        Migrate to a fixed   Migrate to a fixed release.
                  release.
    9.10 ^1       Migrate to a fixed   Migrate to a fixed release.
                  release.
    9.12          9.12.4.38            9.12.4.38
    9.13 ^1       Migrate to a fixed   Migrate to a fixed release.
                  release.
    9.14          9.14.4               9.14.4
    9.15          9.15.1.21            9.15.1.21
    9.16          9.16.2.14            9.16.2.14
    9.17          9.17.1.7             9.17.1.7

    1. Cisco ASA Software releases 9.7 and earlier as well as releases 9.9,
    9.10, and 9.13 have reached end of software maintenance . Customers are
    advised to migrate to a supported release that includes the fix for this
    vulnerability.


    Cisco FTD Software

                                                                 First Fixed
     Cisco                                                     Release for All
      FTD       First Fixed Release for This Vulnerability     Vulnerabilities
    Software                                                   Described in the
    Release                                                       Bundle of
                                                                  Advisories
    6.2.2
    and      Migrate to a fixed release.                       Migrate to a
    earlier                                                    fixed release.
    ^1
    6.2.3    Migrate to a fixed release.                       Migrate to a
                                                               fixed release.
    6.3.0 ^1 Migrate to a fixed release.                       Migrate to a
                                                               fixed release.
    6.4.0    6.4.0.15 (May 2022)                               6.4.0.15 (May
                                                               2022)
    6.5.0 ^1 Migrate to a fixed release.                       Migrate to a
                                                               fixed release.
    6.6.0    6.6.5.2                                           6.6.5.2
             Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar
    6.7.0    Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar Migrate to a
             Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar fixed release.
             Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar
    7.0.0    7.0.2 (May 2022)                                  7.0.2 (May 2022)
    7.1.0    7.1.0.1                                           7.1.0.1

    1. Cisco FMC and FTD Software releases 6.2.2 and earlier, as well as
    releases 6.3.0 and 6.5.0, have reached end of software maintenance .
    Customers are advised to migrate to a supported release that includes the
    fix for this vulnerability.


    For instructions on upgrading your FTD device, see Cisco Firepower
    Management Center Upgrade Guide .

    The Cisco Product Security Incident Response Team (PSIRT) validates only
    the affected and fixed release information that is documented in this
    advisory.

Exploitation and Public Announcements

  o The Cisco PSIRT is not aware of any public announcements or malicious use
    of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security
    Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2022-APR-27  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYmsyLeNLKJtyKPYoAQjzqg/7BW/6FNkXiPwuS88WmQJrnx4Ei+uPKn4W
ZWYk84BbIY1B5ngKeFq46MrKHK3pRcHA5EaDH6j+75X0TwcDOJoHDScdF1Pj41Qp
1+333RL0+xdBxF4OZYVwX0NhZ0Lgd+Qf3G6tBN6DGmc1qV86TZaMtwXlJXTVvXgH
OHsAus8pIhjH671lNOc4dF17ySNXnBpHhCEuR6BPOQ4Ex7xffK+3//jS3sWsVa4J
cW5hNv/CTFCdc+HnCODCwEn+mGey+rOsQ06QZhugNkcB4R7AqF793z3VdwhRgMOb
kK+/HD6kcTFw6A4hOpcWEYpRW6WmemuyX67xGSWi4TTWmcN0MxwG/O9gWPa35oqe
dFgxZOwbjgVBJ8pUE0B8Rr8XHL1pGP1WmxG/YmB7Ki94Gmny0QjOZ3Kh2n4WcKcO
WLTJFAEnaUco/EkDySXCxj7RK1Em+OddwSRvsi7qPdcI1ETQQ3KlWAKBkiRb5xAL
9deaxpW/1EOIUig8qtIrkMIr528k78CKx+YYDMPrHI+pBqDwny0X+UHyiWgOgprz
SbFUy3M3wsr89H3JPmhYpVZXv5V5nxlEspbyCzCPoB8+hMEs18Etgc9ftEFa7rUH
xcHKmMVq8d1X0ha8r5oIQ0uS+SNYq9JGfpnvA+khfxIscod7RgITIBcBKsmSBwh0
eufUU8V/E9Q=
=Mxam
-----END PGP SIGNATURE-----