Multiple Cisco products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvg40155.
Information
Cisco Firepower Threat Defense Software 6.1.0.5
Cisco Firepower Threat Defense Software 6.0.1.4
Cisco Firepower Threat Defense Software 6.0
Cisco FirePOWER 9300 ASA Security Module 0
Cisco Firepower 4110 Security Appliance 0
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches 0
Cisco ASA Services Module for Cisco 7600 Series Routers 0
Cisco ASA 5500-X Series Next-Generation Firewalls 0
Cisco ASA 5500 Series Adaptive Security Appliances 0
Cisco Adaptive Security Virtual Appliance (ASAv) 0
Cisco Adaptive Security Appliance (ASA) Software 9.6.3
Cisco Adaptive Security Appliance (ASA) Software 9.4.4
Cisco Adaptive Security Appliance (ASA) Software 9.6.3.17
Cisco Adaptive Security Appliance (ASA) Software 9.6.2.9
Cisco Adaptive Security Appliance (ASA) Software 9.6.2.21
Cisco Adaptive Security Appliance (ASA) Software 9.5.3.9
Cisco Adaptive Security Appliance (ASA) Software 9.5.3.7
Cisco Adaptive Security Appliance (ASA) Software 9.5.2.8
Cisco Adaptive Security Appliance (ASA) Software 9.5.2.7
Cisco Adaptive Security Appliance (ASA) Software 9.4.4.13
Cisco Adaptive Security Appliance (ASA) Software 9.4.3.2
Cisco Adaptive Security Appliance (ASA) Software 9.4.3.1
Cisco 3000 Series Industrial Security Appliance (ISA) 0
Cisco Adaptive Security Appliance (ASA) Software 9.6.3.20
Cisco Adaptive Security Appliance (ASA) Software 9.4.4.14
Exploit
An attacker can use readily available tools to exploit this issue.
References: