https://community.cisco.com/t5/network-security/asa-vulnerability-test/m-p/2699367#M415782 <PRE> Hi <A about="/users/nikkomalabanan" class="username" datatype="" href="https://supportforums.cisco.com/users/nikkomalabanan" property="foaf:name" title="View user profile." typeof="sioc:UserAccount" lang="">Nikko Malabanan</A> This vulnerability is only for routers and switches. The ASA firewall platform is not affected. Please check the following URL's for further reference: TCP Vulnerabilities in Multiple IOS-Based Cisco Products:- <A href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-ios" target="_blank">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-ios</A> <A href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios" target="_blank">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios</A> Multiple Vulnerabilities in Cisco PIX and Cisco ASA:- <A href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080604-asa" target="_blank">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080604-asa</A> </PRE> <P>&nbsp;</P> <P>Hope it helps</P> <P>-Randy-</P> Sun, 14 Jun 2015 22:56:49 GMT rvarelac 2015-06-14T22:56:49Z https://community.cisco.com/t5/network-security/asa-vulnerability-test/m-p/2699366#M415779 <P>Hi Experts,</P><P>Good Day!</P><P>I would like to seek for your assistance how to mitigate some vulnerabilities in my ASA with CX. I perform vulnerability test using Qualys into my ASA with CX and it hit me with a vulnerability named "TCP Sequence Number Approximation Based on Denial-of-Service". I did some research and I found out that most of the time BGP is prone to this vulnerability but my ASA is not running BGP protocol however, my ASA is just a pass-through for BGP peering of the Catalysts. Is that the reason why my Qualys detected it?</P><P>The thing is based on the documentation of this vulnerability, as a workaround I configured MD5 authentication for BGP peering in my switches and I ran again a VA scan and still the vulnerability is still there. I read thoroughly the vulnerability document and besides from the BGP protocol, Window Scaling is also part of this vulnerability which I configured for me to enhanced throughput.</P><P>Please help if one of you knows Qualys and how to mitigate this vulnerability.</P><P>Thanks,</P><P>Cheers,</P><P>&nbsp;</P><P>Niks</P> Fri, 21 Feb 2020 13:30:06 GMT https://community.cisco.com/t5/network-security/asa-vulnerability-test/m-p/2699366#M415779 fatalXerror 2020-02-21T13:30:06Z https://community.cisco.com/t5/network-security/asa-vulnerability-test/m-p/2699367#M415782 <PRE> Hi <A about="/users/nikkomalabanan" class="username" datatype="" href="https://supportforums.cisco.com/users/nikkomalabanan" property="foaf:name" title="View user profile." typeof="sioc:UserAccount" lang="">Nikko Malabanan</A> This vulnerability is only for routers and switches. The ASA firewall platform is not affected. Please check the following URL's for further reference: TCP Vulnerabilities in Multiple IOS-Based Cisco Products:- <A href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-ios" target="_blank">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-ios</A> <A href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios" target="_blank">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios</A> Multiple Vulnerabilities in Cisco PIX and Cisco ASA:- <A href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080604-asa" target="_blank">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080604-asa</A> </PRE> <P>&nbsp;</P> <P>Hope it helps</P> <P>-Randy-</P> Sun, 14 Jun 2015 22:56:49 GMT https://community.cisco.com/t5/network-security/asa-vulnerability-test/m-p/2699367#M415782 rvarelac 2015-06-14T22:56:49Z