FKIE_CVE-2020-3298

Vulnerability from fkie_nvd - Published: 2020-05-06 17:15 - Updated: 2024-11-21 05:30
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qxVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qxVendor Advisory
Impacted products
Vendor Product Version
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco adaptive_security_appliance_software *
cisco adaptive_security_appliance_software *
cisco adaptive_security_appliance_software *
cisco adaptive_security_appliance_software *
cisco adaptive_security_appliance_software *
cisco adaptive_security_appliance_software *
cisco asa_5506-x -
cisco asa_5506h-x -
cisco asa_5506w-x -
cisco asa_5508-x -
cisco asa_5516-x -
cisco asa_5525-x -
cisco asa_5545-x -
cisco asa_5555-x -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46DDBB75-7B47-4643-B21C-BBEE79219CF7",
              "versionEndExcluding": "6.2.3.16",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2",
              "versionEndExcluding": "6.3.0.6",
              "versionStartIncluding": "6.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06741056-2BFD-4F88-917A-F581F813B69E",
              "versionEndExcluding": "6.4.0.9",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575",
              "versionEndExcluding": "6.5.0.5",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0416549-80B2-43CC-8262-16E62E6E2C0B",
              "versionEndIncluding": "9.6.4.40",
              "versionStartIncluding": "9.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AB4456-2388-4589-8E2E-D33C86BE0732",
              "versionEndIncluding": "9.8.4.17",
              "versionStartIncluding": "9.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A72B81B-9E34-4678-9FF3-ABC10EF8507A",
              "versionEndIncluding": "9.9.2.66",
              "versionStartIncluding": "9.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E54459C-1CC6-439E-8098-114633208DF0",
              "versionEndIncluding": "9.10.1.37",
              "versionStartIncluding": "9.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD451334-9385-44E5-960C-69C1AE84F712",
              "versionEndIncluding": "9.12.3.7",
              "versionStartIncluding": "9.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6D0DDB-426C-4E38-805B-0FCBF9A7AA71",
              "versionEndIncluding": "9.13.1.7",
              "versionStartIncluding": "9.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "763B801D-CA1E-4C56-8B06-3373EA307C7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30AC6907-3091-409F-967D-64A82A0C5A8C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92AE506A-E710-465B-B795-470FDE0E0ECA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de Open Shortest Path First (OSPF) del Cisco Adaptive Security Appliance (ASA) Software y el Cisco Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto no autenticado causar el reinicio de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a mecanismos de protecci\u00f3n de memoria inapropiados mientras se procesan determinados paquetes OSPF. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una serie de paquetes OSPF malformados en un corta trama de tiempo hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar un reinicio del dispositivo afectado, resultando en una condici\u00f3n DoS para el tr\u00e1fico del cliente que atraviesa el dispositivo."
    }
  ],
  "id": "CVE-2020-3298",
  "lastModified": "2024-11-21T05:30:45.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-06T17:15:12.963",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.