Symptom
In the FTD CLI, multiple "ESTABLISHED" or "SYN_RECV" connections to port 8305 can be seen from sources that are not part of any configuration.
Output of netstat -an:
tcp 0 0 192.168.2.47:8305 192.168.2.23:44136 ESTABLISHED
tcp 0 0 192.168.2.47:8305 36.106.123.152:52991 SYN_RECV
192.168.2.23 - Attacker IP
36.106.123.152 - Random spoof source
Conditions
When the manager's IP is configured and the tunnel is still not connected.
Workaround
None in the product itself; restricting access to port 8305 with iptables may serve as a workaround.
Further Problem Description
None
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 3.7:
https://tools.cisco.com/security/center/cvssCalculator.x?vector=CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html