Lucene search

CiscoCVE-2020-3529

HistoryOct 21, 2020 - 7:15 p.m.

CVE-2020-3529

2020-10-2119:15:16

CWE-400

cisco

web.nvd.nist.gov

cve-2020-3529

cisco

asa

ftd

ssl vpn

dos

vulnerability

nvd

security

dma

memory management

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.

Affected configurations

Nvd

Node

ciscoadaptive_security_applianceRange<9.6.4.45

ciscofirepower_threat_defenseRange<6.3.0.6

ciscofirepower_threat_defenseRange6.4.0–6.4.0.10

ciscofirepower_threat_defenseRange6.5.0–6.5.0.5

ciscofirepower_threat_defenseRange6.6.0–6.6.1

ciscoadaptive_security_appliance_softwareRange9.8.0–9.8.4.29

ciscoadaptive_security_appliance_softwareRange9.9.0–9.9.2.80

ciscoadaptive_security_appliance_softwareRange9.10.0–9.10.1.44

ciscoadaptive_security_appliance_softwareRange9.12.0–9.12.4.4

ciscoadaptive_security_appliance_softwareRange9.13.0–9.13.1.13

ciscoadaptive_security_appliance_softwareRange9.14.0–9.14.1.30

VendorProductVersionCPE
ciscoadaptive_security_appliance*cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
ciscofirepower_threat_defense*cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software*cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance	*	cpe:2.3:a:cisco:adaptive_security_appliance::::::::
cisco	firepower_threat_defense	*	cpe:2.3:a:cisco:firepower_threat_defense::::::::
cisco	adaptive_security_appliance_software	*	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2020-3529