Cisco Security Advisory - Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ACLs Not Installed upon Reload

Started by Netwörkheäd, July 27, 2023, 06:04:43 PM

Previous topic - Next topic

Netwörkheäd

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ACLs Not Installed upon Reload

An issue with the boot-time programming of access control lists (ACLs) for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a device to boot without all of its ACLs being correctly installed.


This issue is due to a logic error that occurs when ACLs are programmed at boot time. If object groups are not in sequential order in the startup configuration, some access control entries (ACEs) may not be installed. Because ACLs govern network traffic to, from, and across the device, an incorrectly programmed ACL could cause traffic disruptions by blocking traffic that should be allowed or allowing traffic that should blocked. As a result, the device could have ACLs that are not properly programmed such that a range of both permit ACEs and deny ACEs could be missed, adversely affecting all traffic patterns.


Cisco has released software updates that address this issue. There are no workarounds that address this issue.


This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-aclconfig-wVK52f3z 


     
         
Security Impact Rating:  Informational
Source: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ACLs Not Installed upon Reload
Let's not argue. Let's network!