Vulnerability-Lookup

CVE-2020-3196 (GCVE-0-2020-3196)

Vulnerability from cvelistv5 – Published: 2020-05-06 16:41 – Updated: 2024-11-15 17:25

Title

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability

Summary

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.

Severity ?

8.6 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-400

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	Cisco Adaptive Security Appliance (ASA) Software	Affected: n/a

FKIE_CVE-2020-3196

Vulnerability from fkie_nvd - Published: 2020-05-06 17:15 - Updated: 2024-11-21 05:30

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	firepower_threat_defense	*
cisco	firepower_threat_defense	*
cisco	firepower_threat_defense	*
cisco	firepower_threat_defense	*
cisco	asa_5505_firmware	9.4\(4\)
cisco	asa_5505_firmware	9.8\(4.18\)
cisco	asa_5505_firmware	100.13\(0\)
cisco	asa_5505	-
cisco	asa_5510_firmware	9.4\(4\)
cisco	asa_5510_firmware	9.8\(4.18\)
cisco	asa_5510_firmware	100.13\(0\)
cisco	asa_5510	-
cisco	asa_5512-x_firmware	9.4\(4\)
cisco	asa_5512-x_firmware	9.8\(4.18\)
cisco	asa_5512-x_firmware	100.13\(0\)
cisco	asa_5512-x	-
cisco	asa_5515-x_firmware	9.4\(4\)
cisco	asa_5515-x_firmware	9.8\(4.18\)
cisco	asa_5515-x_firmware	100.13\(0\)
cisco	asa_5515-x	-
cisco	asa_5520_firmware	9.4\(4\)
cisco	asa_5520_firmware	9.8\(4.18\)
cisco	asa_5520_firmware	100.13\(0\)
cisco	asa_5520	-
cisco	asa_5525-x_firmware	9.4\(4\)
cisco	asa_5525-x_firmware	9.8\(4.18\)
cisco	asa_5525-x_firmware	100.13\(0\)
cisco	asa_5525-x	-
cisco	asa_5540_firmware	9.4\(4\)
cisco	asa_5540_firmware	9.8\(4.18\)
cisco	asa_5540_firmware	100.13\(0\)
cisco	asa_5540	-
cisco	asa_5545-x_firmware	9.4\(4\)
cisco	asa_5545-x_firmware	9.8\(4.18\)
cisco	asa_5545-x_firmware	100.13\(0\)
cisco	asa_5545-x	-
cisco	asa_5550_firmware	9.4\(4\)
cisco	asa_5550_firmware	9.8\(4.18\)
cisco	asa_5550_firmware	100.13\(0\)
cisco	asa_5550	-
cisco	asa_5555-x_firmware	9.4\(4\)
cisco	asa_5555-x_firmware	9.8\(4.18\)
cisco	asa_5555-x_firmware	100.13\(0\)
cisco	asa_5555-x	-
cisco	asa_5580_firmware	9.4\(4\)
cisco	asa_5580_firmware	9.8\(4.18\)
cisco	asa_5580_firmware	100.13\(0\)
cisco	asa_5580	-
cisco	asa_5585-x_firmware	9.4\(4\)
cisco	asa_5585-x_firmware	9.8\(4.18\)
cisco	asa_5585-x_firmware	100.13\(0\)
cisco	asa_5585-x	-
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B2E5D3-ED34-4A7E-BD8F-8492B6737677",
              "versionEndExcluding": "6.2.3.16",
              "versionStartIncluding": "6.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2",
              "versionEndExcluding": "6.3.0.6",
              "versionStartIncluding": "6.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06741056-2BFD-4F88-917A-F581F813B69E",
              "versionEndExcluding": "6.4.0.9",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575",
              "versionEndExcluding": "6.5.0.5",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5221CFEE-6FBF-44E4-8DB1-592BE809E4B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8A093039-37B1-4EAE-9905-85916BEBF5B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8C36ED08-6819-4BC4-9BDB-FD490CED1877",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9CBD3A-F426-4E13-BAAB-1AE1ED7400E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2C0163-BBB7-45AD-8F4E-FA929FC15008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5BE91D-FF59-42CC-BF9B-8C019ACDA3E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "33D660B9-A5B8-497D-8820-24ED84E93CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E7931908-4F0B-47E0-AA9F-0D6C58B58607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6AE2D7-5B7B-4883-93D1-4A3232761E16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09DB9B53-5F40-4262-8520-23827593FA75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8990E7B1-E256-48DC-A91D-E7A369CA140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B82BE6-AD49-4EC9-A4CE-6F56EF123BF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "993BCB8D-6F0A-40FE-BB35-6721C4AF51B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3CDF3D71-3674-483A-A860-CB908FEAF38B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "11BBB96D-3921-4DC4-9A05-0CCF2F9D48F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "32970E7C-89EB-49AB-8397-D44D59047940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EC08D0-0A8F-4846-83B1-5059D8B270F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "64B3A25A-48EA-440B-BFA9-F90316C93396",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA91C35-A8BE-4766-B4B4-86B185F16467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC09B403-0051-441A-A3D3-B790DD60F7F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "393228AB-D0BC-41AC-92E7-40F7E0399BDD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B63F6AD6-6084-427B-8530-C2FDABCAD1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5536B015-5F7E-4CB4-B11B-CDA0DB9879AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C7175A1A-92AB-4005-B341-A3C99BD24701",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "809A29EF-DDD9-47E4-AB84-F4CE412621B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5C79FCA1-BC64-45C8-A30A-0D97A77BB26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "55EDCE66-9336-437D-ABF1-C2B3429D10C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2C3D9650-E3FE-42BA-A94D-3D457477BAC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7D89517A-EBBA-49EB-BBDD-9A99D2AFD79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4511E447-F8F8-44C8-8751-375519AD01A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE1487B-1A2E-452A-B994-F5AE6745DD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF86FD93-6AFA-4226-A0BC-8BFE87F49026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E8402E-E457-4957-B19A-8CFAAF9083FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A372D7A8-CAF1-4500-8C32-0B7D511096B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A654F5-CEC9-43E7-A38F-72F26073ABC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "65AD1473-6DEF-46AA-B5F9-955ACB434DE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF907DBB-5201-49EC-92C5-3BD3752BDECC",
              "versionEndExcluding": "9.6.4.40",
              "versionStartIncluding": "9.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB1AF51-43DA-4399-8264-E0A2E629F799",
              "versionEndExcluding": "9.8.4.20",
              "versionStartIncluding": "9.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE81D32-51D0-41F7-B06B-0750DCB1F589",
              "versionEndExcluding": "9.9.2.66",
              "versionStartIncluding": "9.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FFDB02-2944-4B31-BBC0-30E60BA9F9D1",
              "versionEndExcluding": "9.10.1.37",
              "versionStartIncluding": "9.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDBCE56-8434-43B5-A172-5A63536D9E9F",
              "versionEndExcluding": "9.12.3.2",
              "versionStartIncluding": "9.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE14B138-4EED-43E1-A8F1-0D16F4A761C0",
              "versionEndExcluding": "9.13.1.7",
              "versionStartIncluding": "9.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el manejador de Secure Sockets Layer (SSL)/Transport Layer Security (TLS) del Cisco Adaptive Security Appliance (ASA) Software y el Cisco Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto no autenticado agotar los recursos de la memoria sobre el dispositivo afectado, conllevando a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una administraci\u00f3n de recursos inapropiada para las conexiones entrantes SSL/TLS. Un atacante podr\u00eda explotar esta vulnerabilidad al establecer m\u00faltiples conexiones SSL/TLS con condiciones espec\u00edficas para el dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante agotar la memoria en el dispositivo afectado, causando que el dispositivo deje de aceptar nuevas conexiones SSL/TLS y resultando en una condici\u00f3n DoS para los servicios en el dispositivo que procesa el tr\u00e1fico SSL/TLS. Es requerida una intervenci\u00f3n manual para recuperar un dispositivo afectado."
    }
  ],
  "id": "CVE-2020-3196",
  "lastModified": "2024-11-21T05:30:31.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-06T17:15:12.417",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-3196

Vulnerability from fstec - Published: 05.05.2020

Title

Description

Уязвимость реализации протоколов Secure Sockets Layer и Transport Layer Security микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Configure Firepower Threat Defense (FTD) связана с неконтролируемым расходом ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Firepower Threat Defense, Adaptive Security Appliance

Software Version

от 6.2.3 до 6.2.3.16 (Firepower Threat Defense), от 6.3.0 до 6.3.0.6 (Firepower Threat Defense), от 9.6 до 9.6.4.40 (Adaptive Security Appliance), от 9.9 до 9.9.2.66 (Adaptive Security Appliance), от 9.12 до 9.12.3.2 (Adaptive Security Appliance), от 9.13 до 9.13.1.7 (Adaptive Security Appliance), от 6.4.0 до 6.4.0.9 (Firepower Threat Defense), от 6.5.0 до 6.5.0.5 (Firepower Threat Defense), от 9.8 до 9.8.4.20 (Adaptive Security Appliance)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3196

CWE

CWE-400

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 6.2.3 \u0434\u043e 6.2.3.16 (Firepower Threat Defense), \u043e\u0442 6.3.0 \u0434\u043e 6.3.0.6 (Firepower Threat Defense), \u043e\u0442 9.6 \u0434\u043e 9.6.4.40 (Adaptive Security Appliance), \u043e\u0442 9.9 \u0434\u043e 9.9.2.66 (Adaptive Security Appliance), \u043e\u0442 9.12 \u0434\u043e 9.12.3.2 (Adaptive Security Appliance), \u043e\u0442 9.13 \u0434\u043e 9.13.1.7 (Adaptive Security Appliance), \u043e\u0442 6.4.0 \u0434\u043e 6.4.0.9 (Firepower Threat Defense), \u043e\u0442 6.5.0 \u0434\u043e 6.5.0.5 (Firepower Threat Defense), \u043e\u0442 9.8 \u0434\u043e 9.8.4.20 (Adaptive Security Appliance)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.05.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.05.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02145",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-3196",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firepower Threat Defense, Adaptive Security Appliance",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Secure Sockets Layer \u0438 Transport Layer Security \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432\u00a0Cisco\u00a0Adaptive\u00a0Security\u00a0Appliance\u00a0(ASA) \u0438 Configure Firepower Threat Defense (FTD), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Secure Sockets Layer \u0438 Transport Layer Security \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432\u00a0Cisco\u00a0Adaptive\u00a0Security\u00a0Appliance\u00a0(ASA) \u0438 Configure Firepower Threat Defense (FTD) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3196",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

GSD-2020-3196

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-3196

Aliases

CVE-2020-3196

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3196",
    "description": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.",
    "id": "GSD-2020-3196"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3196"
      ],
      "details": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.",
      "id": "GSD-2020-3196",
      "modified": "2023-12-13T01:22:10.528890Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2020-05-06T16:00:00-0700",
        "ID": "CVE-2020-3196",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "8.6",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-asa-ssl-vpn-dos-qY7BHpjN",
        "defect": [
          [
            "CSCvp49481",
            "CSCvp93468"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.5.0.5",
                "versionStartIncluding": "6.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.0.9",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.3.0.6",
                "versionStartIncluding": "6.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.3.16",
                "versionStartIncluding": "6.2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5505_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5505_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5505_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5510_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5510_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5510_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5512-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5515-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5520_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5520_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5520_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5525-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5540_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5540_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5540_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5545-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5550_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5550_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5550_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5555-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5580_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5580_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5580_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:asa_5585-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.8.4.20",
                "versionStartIncluding": "9.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.9.2.66",
                "versionStartIncluding": "9.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.13.1.7",
                "versionStartIncluding": "9.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.10.1.37",
                "versionStartIncluding": "9.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.12.3.2",
                "versionStartIncluding": "9.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.6.4.40",
                "versionStartIncluding": "9.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2020-3196"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200506 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2023-08-16T16:17Z",
      "publishedDate": "2020-05-06T17:15Z"
    }
  }
}

CNVD-2020-31104

Vulnerability from cnvd - Published: 2020-06-02

Title

Cisco Firepower Threat Defense和Adaptive Security Appliances Software拒绝服务漏洞（CNVD-2020-31104）

Description

Cisco Firepower Threat Defense（FTD）和Cisco Adaptive Security Appliances Software（ASA Software）都是美国思科（Cisco）公司的产品。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。Cisco Adaptive Security Appliances Software是一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco ASA Software和FTD Software中的Secure Sockets Layer (SSL)/Transport Layer Security (TLS)处理器存在拒绝服务漏洞，该漏洞源于对所接收到SSL/TLS连接，程序未能进行正确的资源管理，远程攻击者可通过创建多个SSL/TLS连接利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Cisco Firepower Threat Defense和Adaptive Security Appliances Software拒绝服务漏洞（CNVD-2020-31104）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-3196

Impacted products

Name
['Cisco Firepower Threat Defense Software', 'Cisco Adaptive Security Appliances Software']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3196"
    }
  },
  "description": "Cisco Firepower Threat Defense\uff08FTD\uff09\u548cCisco Adaptive Security Appliances Software\uff08ASA Software\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Firepower Threat Defense\u662f\u4e00\u5957\u63d0\u4f9b\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u670d\u52a1\u7684\u7edf\u4e00\u8f6f\u4ef6\u3002Cisco Adaptive Security Appliances Software\u662f\u4e00\u5957\u9632\u706b\u5899\u548c\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u5bf9\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u9ad8\u5ea6\u5b89\u5168\u7684\u8bbf\u95ee\u7b49\u529f\u80fd\u3002\n\nCisco ASA Software\u548cFTD Software\u4e2d\u7684Secure Sockets Layer (SSL)/Transport Layer Security (TLS)\u5904\u7406\u5668\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6240\u63a5\u6536\u5230SSL/TLS\u8fde\u63a5\uff0c\u7a0b\u5e8f\u672a\u80fd\u8fdb\u884c\u6b63\u786e\u7684\u8d44\u6e90\u7ba1\u7406\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u591a\u4e2aSSL/TLS\u8fde\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31104",
  "openTime": "2020-06-02",
  "patchDescription": "Cisco Firepower Threat Defense\uff08FTD\uff09\u548cCisco Adaptive Security Appliances Software\uff08ASA Software\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Firepower Threat Defense\u662f\u4e00\u5957\u63d0\u4f9b\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u670d\u52a1\u7684\u7edf\u4e00\u8f6f\u4ef6\u3002Cisco Adaptive Security Appliances Software\u662f\u4e00\u5957\u9632\u706b\u5899\u548c\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u5bf9\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u9ad8\u5ea6\u5b89\u5168\u7684\u8bbf\u95ee\u7b49\u529f\u80fd\u3002\r\n\r\nCisco ASA Software\u548cFTD Software\u4e2d\u7684Secure Sockets Layer (SSL)/Transport Layer Security (TLS)\u5904\u7406\u5668\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6240\u63a5\u6536\u5230SSL/TLS\u8fde\u63a5\uff0c\u7a0b\u5e8f\u672a\u80fd\u8fdb\u884c\u6b63\u786e\u7684\u8d44\u6e90\u7ba1\u7406\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u591a\u4e2aSSL/TLS\u8fde\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower Threat Defense\u548cAdaptive Security Appliances Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-31104\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Firepower Threat Defense Software",
      "Cisco Adaptive Security Appliances Software"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3196",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-07",
  "title": "Cisco Firepower Threat Defense\u548cAdaptive Security Appliances Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-31104\uff09"
}

CERTFR-2020-AVI-274

Vulnerability from certfr_avis - Published: 2020-05-07 - Updated: 2020-05-07

De multiples vulnérabilités ont été découvertes dans les produits Cisco Adaptive Security Appliance et Firepower Threat Defense. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Note de l'éditeur :

les correctifs pour Cisco ASA ne sont pas disponibles pour les versions antérieures à 9.8, l'éditeur recommande de migrer vers une version plus récente ;
les correctifs pour Cisco FTD ne sont pas disponibles pour les versions antérieures à 6.2.3, l'éditeur recommande de migrer vers une version plus récente.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Firepower Threat Defense	Firepower Threat Defense (FTD) sur la plate-forme Firepower 1000 versions antérieures à 6.4.0.9, 6.5.0.5 et 6.6.0
Cisco	Firepower Threat Defense	Firepower Threat Defense (FTD) versions antérieures à 6.2.3.16, 6.3.0.6, 6.4.0.9, 6.5.0.5 et 6.6.0
Cisco	Adaptive Security Appliance	Adaptive Security Appliance (ASA) versions antérieures à 9.8.4.20, 9.9.2.67, 9.10.1.39, 9.12.3.9 et 9.13.1.10

References

Title

Publication Time

GHSA-57VC-VMWG-PG76

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2023-08-16 18:30

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-06T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.",
  "id": "GHSA-57vc-vmwg-pg76",
  "modified": "2023-08-16T18:30:18Z",
  "published": "2022-05-24T17:17:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3196"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-3196 (GCVE-0-2020-3196)

FKIE_CVE-2020-3196

CVE-2020-3196

GSD-2020-3196

CNVD-2020-31104

CERTFR-2020-AVI-274

Solution

GHSA-57VC-VMWG-PG76

Tags

Sightings

Nomenclature