Cisco Secure ASA contains an improper validation of user-supplied input in HTTP(S) requests that allows an unauthenticated remote attacker to access restricted URL endpoints that are related to remote access VPN. Combined with a buffer overflow in the files_action.lua LUA script, these vulnerabilities may allow unauthenticated remote attackers to execute arbitrary code as root or cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions.
CVE Link
Exploit Type
Product Name