The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition.
Due to improper processing of data received from the Posture (HostScan) module, an attacker could send crafted HostScan data to cause the affected device to reload, Cisco explains.
Equally severe (CVSS score of 8.6) is CVE-2022-20946, a DoS vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of FTD software releases 6.3.0 and later.