An issue with the boot-time programming of access control lists (ACLs) for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a device to boot without all of its ACLs being correctly installed.
This issue is due to a logic error that occurs when ACLs are programmed at boot time. If the ACLs are not in sequential order in the startup configuration, some access control entries (ACEs) may not be installed. Because ACLs govern network traffic to, from, and across the device, an incorrectly programmed ACL could cause traffic disruptions by blocking traffic that should be allowed or allowing traffic that should be blocked. As a result, the device could have ACLs that are not properly programmed, such that a range of both permit ACEs and deny ACEs could be missed, adversely affecting all traffic patterns.
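The advisory gives no way to tell from the device which ACEs were skipped, so the practical checks are (a) audit the startup configuration for ACLs whose entries are not in sequential order before a reload, and (b) after boot, compare the configured ACEs against what `show access-list` reports as installed. The script below is an added example, not Cisco's tooling or anything from the advisory. It assumes that "not in sequential order" means an ACL's entries are interleaved with another ACL's or their `line N` numbers do not strictly increase (the advisory does not define the term), and it parses constructed text that mimics ASA `access-list` configuration lines and `show access-list` output; the exact `show` output format on a given release may differ.

```python
"""Offline audit for ASA/FTD ACL ordering and post-boot ACE presence.

Added example; not Cisco's tooling. Input is constructed text that mimics
startup-config 'access-list' lines and 'show access-list' output; the exact
'show' format on a given release may differ (assumption).
"""
import re

# One ACE. 'line N' is optional (running-config output usually omits it);
# 'show access-list' appends '(hitcnt=N) 0x...' which is stripped here.
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:line\s+(\d+)\s+)?"
    r"(extended|standard|ethertype|webtype)\s+(permit|deny)\s+(.*?)"
    r"\s*(?:\(hitcnt=\d+\).*)?$"
)


def parse_aces(text):
    """Return ACEs in order of appearance as (acl, line_no or None, kind, verb, body)."""
    aces = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if m:
            name, ln, kind, verb, body = m.groups()
            aces.append((name, int(ln) if ln else None, kind, verb, body))
    return aces


def find_out_of_order(aces):
    """Flag ACLs whose ACEs are interleaved with another ACL's, or whose
    'line N' numbers do not strictly increase (assumed reading of
    'not in sequential order'). Entries without 'line N' are only
    checked for interleaving."""
    problems = []
    seen, last_line, current = set(), {}, None
    for name, ln, _kind, _verb, _body in aces:
        if name != current:
            if name in seen:
                problems.append((name, "interleaved"))
            seen.add(name)
            current = name
        if ln is not None:
            prev = last_line.get(name)
            if prev is not None and ln <= prev:
                problems.append((name, f"line {ln} after line {prev}"))
            last_line[name] = ln
    return problems


def missing_from_installed(config_text, show_text):
    """Configured ACEs that do not appear in 'show access-list' output.
    Matches on (acl, kind, verb, body) and ignores line numbers, since the
    device renumbers entries when it installs them."""
    installed = {(n, k, v, b) for n, _, k, v, b in parse_aces(show_text)}
    return [(n, ln, v, b) for n, ln, k, v, b in parse_aces(config_text)
            if (n, k, v, b) not in installed]


# Constructed startup-config fragment: 'outside_in' is interleaved with
# 'dmz_out' and its line 2 appears after its line 3.
STARTUP_CONFIG = """\
access-list outside_in line 1 extended permit tcp any host 10.1.1.10 eq 443
access-list outside_in line 3 extended deny ip any any
access-list dmz_out line 1 extended permit udp 10.2.2.0 255.255.255.0 any eq 53
access-list outside_in line 2 extended permit tcp any host 10.1.1.10 eq 80
"""

# Constructed post-boot 'show access-list' output in which the out-of-order
# permit for port 80 was never installed.
SHOW_ACCESS_LIST = """\
access-list outside_in; 2 elements; name hash: 0x1a2b3c4d
access-list outside_in line 1 extended permit tcp any host 10.1.1.10 eq 443 (hitcnt=12) 0x3a1b2c3d
access-list outside_in line 3 extended deny ip any any (hitcnt=40) 0x4d5e6f70
access-list dmz_out; 1 elements; name hash: 0x5e6f7a8b
access-list dmz_out line 1 extended permit udp 10.2.2.0 255.255.255.0 any eq 53 (hitcnt=5) 0x6f7a8b9c
"""

if __name__ == "__main__":
    print("ordering problems:", find_out_of_order(parse_aces(STARTUP_CONFIG)))
    print("configured but not installed:",
          missing_from_installed(STARTUP_CONFIG, SHOW_ACCESS_LIST))
```

Run the ordering check against a saved copy of the startup configuration before any reload of a device running an affected release, and the installed-ACE comparison against `show running-config access-list` and `show access-list` captured after boot. Because `show access-list` prints the un-expanded ACE before the indented object-group expansions, matching on the exact body still works for ACEs that reference object groups; `remark` lines are ignored by the parser.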
Cisco has released software updates that address this issue. There are no workarounds that address this issue.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-aclconfig-wVK52f3z
Security Impact Rating: Informational
Source: Cisco Security Advisories