CVE-2020-3189
Published May 6, 2020
Last updated 3 years ago
Overview
- Description
- A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEA0DD43-D206-4C1C-8B17-DA47F96B3BAC"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1983172D-4F52-479F-BF14-A84B92D36864"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4122D982-A57A-4249-A8DC-CE9FC6C98803"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96464380-F665-4266-B0AD-693E078C9F82"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A83DD80F-BA91-4963-9BCB-86E29CDBCD40"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C449D684-DD47-4468-94FE-6A982526F97A"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58C9BCE5-B172-42B6-9389-9FD5F9A3ADA0"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83E09189-E7D4-448D-888C-9E4D3E4EA564"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0124350A-B946-4E2E-9022-91F36283FD1F"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9D810C9-F8C0-48E1-A9C4-7129395B5E1C"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68D1BC56-7726-4EEC-8110-3FEDF3EC8569"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3583465E-A714-4E4C-8837-664E0330FB6A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "445B2018-0C36-4548-AA11-5FCD114957B7"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11618BDC-57E9-44BA-981E-BF9BEE7633E3"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F79B47C-4232-42E2-BAB3-DCE6C93230FB"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC3E2912-C2EC-4045-A44D-52F693671F27"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "296C12B8-B49C-4D54-802C-B839973598E7"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "650591E6-FA4E-41E7-9763-FDD8D77F38E1"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0455258-89B5-4AEC-AAC2-FD685B72729E"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5180544-7770-41FA-844C-125C302D8907"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7DFA877-2983-49DC-9C51-1C8BC9E3C0B3"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE8C8C2B-D0E6-45F6-AD44-8E76D35FB6AE"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E83543B-10E8-4B08-9158-7B10E18F862A"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41BFD9DB-FE0B-4B67-B80C-489117AD7A6D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "925F2CEC-99EA-40AF-827C-A002900041B7"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B2157FD-BE9D-4AEA-B25C-0394CDC253EE"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F215BAC-E847-43EC-8808-635E242765C3"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C87C4B68-76B2-4C8A-86E9-4D82765DCD59"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A2E5A45-7AA9-43F1-A937-7EA588CA306D"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93731F51-393C-41F3-BE74-54177E18F03D"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B288C31-5F92-4BB6-9794-9D6D69863A40"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "235647DF-756E-4777-B4B1-71A40FE2CD85"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18F1F84D-1BDC-4C83-9AFD-8D6A7C4ECBF2"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "784CDAC9-AD3C-4D46-B410-5629190E4DE7"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D39DC81A-2C34-4A70-9E40-CCE5B1F7FF5A"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99E0CA51-3368-4240-B5BA-DEE5A32DE82C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "670A91E8-730B-4201-9CAA-5B0436EDDAF8"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58C4F7BC-82AC-4DE9-AE02-CF5D9808F4C4"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C02BD5BE-487C-444A-87B4-65CB1476C04E"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3656E96E-0895-4B19-B911-6FB2B2D3408E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C3147FE-8A2B-4147-903B-1ED59C020B70"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B00D280-ABE5-4DB9-A84D-B2D8C580B4E2"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D818573-0DC3-40AA-B46E-D04A9EF4DD7F"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "099556C2-795B-418B-B5F6-56A9A345E882"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E83C904-A31F-4883-9967-675C1C850BA1"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBBF331E-193C-47C7-84F6-11453BA27D76"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DE6A20D-BEA2-4F90-90AB-0D8567611C42"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1069262-8BA1-491A-A2B0-566155947994"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.9\\(2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B98477E0-C039-454A-A1BE-7423E0E467A6"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.9\\(2.21\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F57B80B9-FF2E-40BB-AAEE-944A30753037"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.9\\(2.52\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "732AB027-F0BA-4B90-A13C-D4F61816CF7B"
},
{
"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.9\\(2.55\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D47315CF-94A5-4CD8-87F8-0A7FE923104A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]