Solved: CVE-2004-0230 detected - Fixed firmware for ASA 5506?

MarcoLazzarotto · ‎01-23-2023

Hello,

a vulnerability test detected "TCP Sequence Number Approximation Based Denial of Service" vulnerability (CVE-2004-0230) on a ASA 5506.

The ASA should be running on 9.8(2).

How do I find when (what firmware version) Cisco fixed the vulnerability?

Marvin Rhoads · ‎01-23-2023

I'd be surprised if this is a true positive alert since the CVE (from 2004) was identified 11 years before the ASA 5506 was first released (in 2015). The last software released for the ASA 5506 was 9.16(4)9 in November 2022.

View solution in original post

balaji.bandi · ‎01-23-2023

Product is EOL - (you need to uplift to latest models - Cisco Secure firewalls (aka FTD)

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-c51-744797.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MarcoLazzarotto · ‎01-23-2023

I understand. Would I be able to fix the issue by updating to latest available firmware?

balaji.bandi · ‎01-23-2023

where do you get latest firmware and product not sold or giving support by Cisco ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎01-23-2023

I'd be surprised if this is a true positive alert since the CVE (from 2004) was identified 11 years before the ASA 5506 was first released (in 2015). The last software released for the ASA 5506 was 9.16(4)9 in November 2022.

MarcoLazzarotto · ‎01-23-2023

@Marvin Rhoads , I'm not gonna lie, I was waiting for a confirm about this. The CVE is indeed from 2004.

Thank you