ASA-201705-16 - log
ASA-201705-16
created
at 25 Sep 2019 19:32:14
Workaround
+
The most severe vulnerability, CVE-2017-7478, which allows a remote
+
unauthenticated attacker to cause a denial of service, can be mitigated
+
by setting up tls-auth or tls-crypt. Note that this requires changing
+
both server and clients configurations.
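Review bot: The Workaround field covers only CVE-2017-7478, yet the Impact field of the same advisory also describes a crash triggered by an authenticated attacker against AEAD mode ciphers. State whether any workaround exists for that second case, so readers do not take tls-auth or tls-crypt as a complete mitigation. In the last line, "both server and clients configurations" should read "both server and client configurations".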
Impact
+
A remote, unauthenticated attacker can crash a server not using tls- auth or tls-crypt by sending a packet with an unexpected payload size.
+
A remote, authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to exhaust the packet counter.
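Review bot: In the first added Impact line, "tls- auth" has a stray space and should read "tls-auth", matching the spelling in the Workaround field. Each of the two lines would also be easier to map to a fix if it named its CVE, as the Workaround does for CVE-2017-7478; at present the second issue is identified only by the phrase "exhaust the packet counter".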