Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-0450
Vulnerability from csaf_certbund
Published
2020-05-06 22:00
Modified
2024-02-21 23:00
Summary
Cisco Adaptive Security Appliance (ASA) und Cisco Firepower Threat Defense (FTD): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Cisco ASA Appliance bietet Funktionen zur Sicherung von Anwendungssoftware, wie beispielsweise Firewall oder VPN.
Firepower ist eine Firewall-Plattform von Cisco
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Cisco Adaptive Security Appliance (ASA) und Cisco Firepower Threat Defense (FTD) ausnutzen, um einen Denial of Service Angriff durchzuführen, Daten zu manipulieren oder vertrauliche Informationen einzusehen.
Betroffene Betriebssysteme
- CISCO Appliance
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Cisco ASA Appliance bietet Funktionen zur Sicherung von Anwendungssoftware, wie beispielsweise Firewall oder VPN.\r\nFirepower ist eine Firewall-Plattform von Cisco",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Cisco Adaptive Security Appliance (ASA) und Cisco Firepower Threat Defense (FTD) ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Daten zu manipulieren oder vertrauliche Informationen einzusehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0450 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2024-0450.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0450 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0450"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asa-dos-BqYFRJt9 vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asa-dos-P43GCE5j vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asaftd-dos-qk8cTGLz vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asaftd-info-disclose-9eJtycMB vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asaftd-ipv6-67pA658k vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asaftd-mgcp-SUqB8VKH vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asa-ftd-ospf-dos-RhMQY8qx vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asaftd-path-JE3azWw43 vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-asa-ssl-vpn-dos-qY7BHpjN vom 2020-05-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
},
{
"category": "external",
"summary": "Exploitalert.com vom 2020-08-20",
"url": "https://www.exploitalert.com/view-details.html?id=36008"
}
],
"source_lang": "en-US",
"title": "Cisco Adaptive Security Appliance (ASA) und Cisco Firepower Threat Defense (FTD): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-21T23:00:00.000+00:00",
"generator": {
"date": "2024-02-22T09:06:37.847+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-0450",
"initial_release_date": "2020-05-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-05-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-05-14T22:00:00.000+00:00",
"number": "2",
"summary": "Anpassung zur Bewertung der Schadensh\u00f6he"
},
{
"date": "2020-08-20T22:00:00.000+00:00",
"number": "3",
"summary": "Exploit aufgenommen"
},
{
"date": "2024-02-21T23:00:00.000+00:00",
"number": "4",
"summary": "Aktive Ausnutzung gemeldet"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cisco ASA (Adaptive Security Appliance)",
"product": {
"name": "Cisco ASA (Adaptive Security Appliance)",
"product_id": "1910",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:adaptive_security_appliance:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Threat Defense (FTD)",
"product": {
"name": "Cisco Firepower Threat Defense (FTD)",
"product_id": "T016462",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:firepower:t"
}
}
}
],
"category": "product_name",
"name": "Firepower"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3191",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3191"
},
{
"cve": "CVE-2020-3195",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3195"
},
{
"cve": "CVE-2020-3196",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3196"
},
{
"cve": "CVE-2020-3254",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3254"
},
{
"cve": "CVE-2020-3298",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3298"
},
{
"cve": "CVE-2020-3303",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3303"
},
{
"cve": "CVE-2020-3305",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3305"
},
{
"cve": "CVE-2020-3306",
"notes": [
{
"category": "description",
"text": "In der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von Daten in den Implementierungen von Internet Key Exchange Version 1 (IKEv1), Border Gateway Protocol (BGP), DHCP, DNS over IPv6, Media Gateway Control Protocol (MGCP), Open Shortest Path First (OSPF) und Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3306"
},
{
"cve": "CVE-2020-3187",
"notes": [
{
"category": "description",
"text": "In der Cisco ASA (Adaptive Security Appliance) und Cisco Firepower Threat Defense (FTD) Software existiert eine Schwachstelle. Sie beruht auf einer unzureichenden Validierung \u00fcbermittelter HTTP URL. Ein entfernter anonymer Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten nutzen und vertrauliche Daten im Web Services Dateisystem einsehen oder l\u00f6schen. Dieses Dateisystem wird aktiviert, wenn das betroffene Ger\u00e4t entweder mit WebVPN- oder AnyConnect-Funktionen konfiguriert ist. Nach einem Neustart des Systems werden die gel\u00f6schten Daten aber wiederhergestellt."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3187"
},
{
"cve": "CVE-2020-3259",
"notes": [
{
"category": "description",
"text": "In der Webservice Schnittstelle der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existiert eine Schwachstelle. Sie beruht auf einem Fehler bei der Verarbeitung von Daten beim Parsen ung\u00fcltiger URL. Ein entfernter anonymer Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten nutzen und vertrauliche Informationen einsehen. Nur spezielle AnyConnect und WebVPN Konfigurationen sind von dieser Schwachstelle betroffen."
}
],
"product_status": {
"known_affected": [
"1910",
"T016462"
]
},
"release_date": "2020-05-06T22:00:00Z",
"title": "CVE-2020-3259"
}
]
}
cve-2020-3298
Vulnerability from cvelistv5
Published
2020-05-06 16:42
Modified
2024-11-15 17:23
Severity ?
EPSS score ?
Summary
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:21:25.840936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:23:34.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:42:07",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
}
],
"source": {
"advisory": "cisco-sa-asa-ftd-ospf-dos-RhMQY8qx",
"defect": [
[
"CSCvs50459"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3298",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
}
]
},
"source": {
"advisory": "cisco-sa-asa-ftd-ospf-dos-RhMQY8qx",
"defect": [
[
"CSCvs50459"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3298",
"datePublished": "2020-05-06T16:42:07.687592Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:23:34.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3259
Vulnerability from cvelistv5
Published
2020-05-06 16:41
Modified
2024-10-24 17:40
Severity ?
EPSS score ?
Summary
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"lessThan": "6.2.3.16",
"status": "affected",
"version": "6.2.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"lessThan": "6.3.0.6",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"lessThan": "6.4.0.9",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"lessThan": "6.5.0.5",
"status": "affected",
"version": "6.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:adaptive_security_appliance_software:9.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaptive_security_appliance_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "9.8.4.20",
"status": "affected",
"version": "9.8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:adaptive_security_appliance_software:9.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaptive_security_appliance_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "9.9.2..67",
"status": "affected",
"version": "9.9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:adaptive_security_appliance_software:9.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaptive_security_appliance_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "9.10.1.40",
"status": "affected",
"version": "9.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:adaptive_security_appliance_software:9.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaptive_security_appliance_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "9.12.3.9",
"status": "affected",
"version": "9.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:adaptive_security_appliance_software:9.13:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adaptive_security_appliance_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "9.13.1.10",
"status": "affected",
"version": "9.13",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3259",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T17:40:35.717209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-02-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3259"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T17:40:59.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:41:53",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB"
}
],
"source": {
"advisory": "cisco-sa-asaftd-info-disclose-9eJtycMB",
"defect": [
[
"CSCvt15163"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3259",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB"
}
]
},
"source": {
"advisory": "cisco-sa-asaftd-info-disclose-9eJtycMB",
"defect": [
[
"CSCvt15163"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3259",
"datePublished": "2020-05-06T16:41:53.659113Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-10-24T17:40:59.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3306
Vulnerability from cvelistv5
Published
2020-05-06 16:42
Modified
2024-11-15 17:22
Severity ?
EPSS score ?
Summary
A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:32.330739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:22:34.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:42:29",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz"
}
],
"source": {
"advisory": "cisco-sa-asaftd-dos-qk8cTGLz",
"defect": [
[
"CSCvq41939"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3306",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz"
}
]
},
"source": {
"advisory": "cisco-sa-asaftd-dos-qk8cTGLz",
"defect": [
[
"CSCvq41939"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3306",
"datePublished": "2020-05-06T16:42:30.062823Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:22:34.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3303
Vulnerability from cvelistv5
Published
2020-05-06 16:42
Modified
2024-11-15 17:23
Severity ?
EPSS score ?
Summary
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:35.653177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:23:02.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:42:20",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9"
}
],
"source": {
"advisory": "cisco-sa-asa-dos-BqYFRJt9",
"defect": [
[
"CSCvq66080"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3303",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9"
}
]
},
"source": {
"advisory": "cisco-sa-asa-dos-BqYFRJt9",
"defect": [
[
"CSCvq66080"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3303",
"datePublished": "2020-05-06T16:42:21.009228Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:23:02.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3305
Vulnerability from cvelistv5
Published
2020-05-06 16:42
Modified
2024-11-15 17:22
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:34.112185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:22:45.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:42:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j"
}
],
"source": {
"advisory": "cisco-sa-asa-dos-P43GCE5j",
"defect": [
[
"CSCvq66092"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3305",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j"
}
]
},
"source": {
"advisory": "cisco-sa-asa-dos-P43GCE5j",
"defect": [
[
"CSCvq66092"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3305",
"datePublished": "2020-05-06T16:42:25.564579Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:22:45.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3187
Vulnerability from cvelistv5
Published
2020-05-06 16:41
Modified
2024-11-15 17:25
Severity ?
EPSS score ?
Summary
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43 | vendor-advisory, x_refsource_CISCO | |
| http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:19:44.187201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:25:50.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T19:06:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html"
}
],
"source": {
"advisory": "cisco-sa-asaftd-path-JE3azWw43",
"defect": [
[
"CSCvr55825"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3187",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "9.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43"
},
{
"name": "http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html"
}
]
},
"source": {
"advisory": "cisco-sa-asaftd-path-JE3azWw43",
"defect": [
[
"CSCvr55825"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3187",
"datePublished": "2020-05-06T16:41:01.588678Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:25:50.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3196
Vulnerability from cvelistv5
Published
2020-05-06 16:41
Modified
2024-11-15 17:25
Severity ?
EPSS score ?
Summary
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:21:37.712968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:25:01.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:41:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
}
],
"source": {
"advisory": "cisco-sa-asa-ssl-vpn-dos-qY7BHpjN",
"defect": [
[
"CSCvp49481",
"CSCvp93468"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3196",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
}
]
},
"source": {
"advisory": "cisco-sa-asa-ssl-vpn-dos-qY7BHpjN",
"defect": [
[
"CSCvp49481",
"CSCvp93468"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3196",
"datePublished": "2020-05-06T16:41:25.710083Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:25:01.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3191
Vulnerability from cvelistv5
Published
2020-05-06 16:41
Modified
2024-11-15 17:25
Severity ?
EPSS score ?
Summary
A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:21:41.163420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:25:21.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:41:16",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k"
}
],
"source": {
"advisory": "cisco-sa-asaftd-ipv6-67pA658k",
"defect": [
[
"CSCvr07419"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3191",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k"
}
]
},
"source": {
"advisory": "cisco-sa-asaftd-ipv6-67pA658k",
"defect": [
[
"CSCvr07419"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3191",
"datePublished": "2020-05-06T16:41:16.093868Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:25:21.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3254
Vulnerability from cvelistv5
Published
2020-05-06 16:41
Modified
2024-11-15 17:24
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:21:31.051963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:24:31.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:41:39",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH"
}
],
"source": {
"advisory": "cisco-sa-asaftd-mgcp-SUqB8VKH",
"defect": [
[
"CSCvp16945",
"CSCvp16949"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3254",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH"
}
]
},
"source": {
"advisory": "cisco-sa-asaftd-mgcp-SUqB8VKH",
"defect": [
[
"CSCvp16945",
"CSCvp16949"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3254",
"datePublished": "2020-05-06T16:41:39.894758Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:24:31.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3195
Vulnerability from cvelistv5
Published
2020-05-06 16:41
Modified
2024-11-15 17:25
Severity ?
EPSS score ?
Summary
A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:21:39.307576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:25:12.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T16:41:20",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv"
}
],
"source": {
"advisory": "cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv",
"defect": [
[
"CSCvr92168"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-05-06T16:00:00-0700",
"ID": "CVE-2020-3195",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv"
}
]
},
"source": {
"advisory": "cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv",
"defect": [
[
"CSCvr92168"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3195",
"datePublished": "2020-05-06T16:41:20.907510Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:25:12.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.