7.7

CVE-2025-20127

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests.

This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition.
Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted.

Linked by AI from unstructured data to existing CPEs in the NVD
Data provided by the National Vulnerability Database (NVD)
CiscoFirepower Threat Defense Version7.4.0
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoFirepower Threat Defense Version7.4.1
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoFirepower Threat Defense Version7.4.1.1
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoFirepower Threat Defense Version7.4.2
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoFirepower Threat Defense Version7.4.2.1
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoFirepower Threat Defense Version7.6.0
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.1
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.1.5
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.2
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.2.10
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.2.21
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.2.22
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.3
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.3.4
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.20.3.7
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
CiscoAdaptive Security Appliance Software Version9.22.1.1
   CiscoSecure Firewall 3105 Version-
   CiscoSecure Firewall 3110 Version-
   CiscoSecure Firewall 3120 Version-
   CiscoSecure Firewall 3130 Version-
   CiscoSecure Firewall 3140 Version-
   CiscoSecure Firewall 4215 Version-
   CiscoSecure Firewall 4225 Version-
   CiscoSecure Firewall 4245 Version-
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
Type: EPSS; Source: FIRST.org; Score: 0.18%; Percentile: 0.4
CVSS metrics
Source: psirt@cisco.com; Base Score: 7.7; Exploit Score: 3.1; Impact Score: 4; Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.