CVE-2026-20100

Cisco · Secure Firewall ASA and FTD Software

A vulnerability in the Lua interpreter of the Cisco ASA and FTD SSL VPN features allows authenticated remote attackers with valid credentials to cause an unexpected device reload, resulting in a denial of service.

Executive summary

Authenticated users with valid VPN access can trigger a remote device reload on Cisco Secure Firewalls, causing an immediate and disruptive Denial of Service condition.

Vulnerability

The vulnerability resides in the Lua interpreter used within the Remote Access SSL VPN feature. An authenticated, remote attacker with a valid VPN connection can execute specific commands that cause the device to crash and reload unexpectedly.

Business impact

While exploitation requires authentication, any user with valid VPN credentials—including the holder of a compromised account—can take the entire firewall offline. The CVSS score of 7.7 reflects a High-severity risk to availability: every active session is disconnected immediately, and data may be lost during the reboot cycle.

Remediation

Immediate Action: Apply the latest software patches from Cisco to resolve the Lua interpreter flaw in the ASA and FTD platforms.

Proactive Monitoring: Review VPN session logs for unusual activity and monitor system uptime logs for unexpected reboots or "last reload" reasons that indicate a software-forced crash.

Compensating Controls: Enforce multi-factor authentication (MFA) for all VPN users to reduce the risk of an attacker using compromised credentials to trigger this vulnerability.
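The monitoring step above can be turned into a repeatable check: flag every reload whose reason is not on a list of planned reasons, then correlate it with the VPN sessions that were open shortly before. The script below is an added example, not Cisco tooling or code from this advisory. Its log format (three event kinds, `vpn_login`, `vpn_logout` and `device_boot`, with `key=value` fields) and the sample lines are constructed for the example; real ASA/FTD syslog messages look different and would need to be mapped onto these event kinds in `parse_event()`. The expected-reason strings are likewise assumptions, not Cisco's own reload-reason text.

```python
"""Spot unexpected firewall reloads and the VPN users active just before them.

Added example, not Cisco code. The log format is constructed and simplified:
three event kinds (vpn_login, vpn_logout, device_boot) with key=value fields.
Real ASA/FTD syslog uses different message formats; map them onto these
kinds in parse_event() when adapting this.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Reload reasons an operator expects to see; anything else is flagged.
# Constructed strings for this example, not Cisco's own reason text.
EXPECTED_RELOAD_REASONS = {"manual reload", "scheduled upgrade", "power cycle"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<kind>\S+)(?: (?P<rest>.*))?$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log: two crash reloads and one planned upgrade.
SAMPLE_LOG = """\
2026-01-10 08:00:05 vpn_login user=alice src=198.51.100.20 group=Employees
2026-01-10 08:03:12 vpn_login user=bob src=203.0.113.7 group=Employees
2026-01-10 08:20:00 vpn_logout user=alice src=198.51.100.20 reason="user requested"
2026-01-10 08:31:40 vpn_login user=carol src=203.0.113.9 group=Contractors
2026-01-10 08:34:02 device_boot last_reload_reason="software crash"
2026-01-10 09:10:00 vpn_login user=bob src=203.0.113.7 group=Employees
2026-01-10 09:15:30 device_boot last_reload_reason="software crash"
2026-01-11 02:00:00 device_boot last_reload_reason="scheduled upgrade"
"""


@dataclass
class Event:
    ts: datetime
    kind: str                      # vpn_login | vpn_logout | device_boot
    fields: dict[str, str] = field(default_factory=dict)


def parse_event(line: str) -> Event | None:
    """Parse one constructed-format line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest") or "")}
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return Event(ts, m.group("kind"), fields)


def find_suspicious_reloads(lines, window: timedelta = timedelta(minutes=10)):
    """Return one finding per reload whose reason is not an expected one.

    Each finding lists the VPN users whose session was open at some point
    within `window` before the reload. A crash takes every session down, so
    the session tables are reset after each device_boot.
    """
    events = sorted((e for e in map(parse_event, lines) if e), key=lambda e: e.ts)
    open_sessions: dict[str, datetime] = {}    # user -> login time
    recent_logouts: dict[str, datetime] = {}   # user -> logout time
    findings = []
    for e in events:
        user = e.fields.get("user")
        if e.kind == "vpn_login" and user:
            open_sessions[user] = e.ts
        elif e.kind == "vpn_logout" and user:
            if open_sessions.pop(user, None) is not None:
                recent_logouts[user] = e.ts
        elif e.kind == "device_boot":
            reason = e.fields.get("last_reload_reason", "unknown").lower()
            if reason not in EXPECTED_RELOAD_REASONS:
                cutoff = e.ts - window
                active = set(open_sessions)
                active |= {u for u, t in recent_logouts.items() if t >= cutoff}
                findings.append({"reload_at": e.ts, "reason": reason,
                                 "users_active": sorted(active)})
            open_sessions.clear()
            recent_logouts.clear()
    return findings


def rank_users(findings):
    """Count how many unexpected reloads each user preceded, most first.
    An account that recurs across reloads stands out from a one-off bystander."""
    counts = Counter(u for f in findings for u in f["users_active"])
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = find_suspicious_reloads(SAMPLE_LOG.strip().splitlines())
    for f in found:
        print(f"{f['reload_at']} reason={f['reason']!r} active={f['users_active']}")
    print("recurring users:", rank_users(found))
```

On the constructed sample the two "software crash" boots are reported and the scheduled upgrade is not; `bob` appears before both crashes and `carol` before one. The window matters: `alice` logged out 14 minutes before the first crash and is correctly excluded, which is why logouts are tracked separately from open sessions rather than simply dropped.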

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations should treat this as a high-priority update, especially if they have a large number of VPN users. Patching the Lua interpreter is the only definitive way to prevent authenticated users from disrupting network services. Ensure that all security appliances are updated during the next available maintenance window.