Cisco Security Advisory 2024-07-05
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability

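A vulnerability exists in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. An attacker can exploit it by sending crafted SSL/TLS traffic, causing an affected device to reload unexpectedly and resulting in a denial of service (DoS).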

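😈 **Vulnerability description:** The vulnerability is due to an implementation error in the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker can exploit it by sending crafted SSL/TLS traffic to an affected device.

😈 **Impact:** An attacker can exploit the vulnerability to cause an unexpected error in the hardware cryptography engine, which causes the device to reload.

😈 **Solution:** Cisco has released software updates that address this vulnerability. There are currently no workarounds that address it.

😈 **Severity:** The vulnerability is rated high severity (Security Impact Rating: High).

😈 **CVE ID:** CVE-2023-20006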

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6


Security Impact Rating: High
CVE: CVE-2023-20006
