CVE-2020-3196
Published May 6, 2020
Last updated a year ago
Overview
- Description
- A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B2E5D3-ED34-4A7E-BD8F-8492B6737677", "versionEndExcluding": "6.2.3.16", "versionStartIncluding": "6.2.3" }, { "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2", "versionEndExcluding": "6.3.0.6", "versionStartIncluding": "6.3.0" }, { "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06741056-2BFD-4F88-917A-F581F813B69E", "versionEndExcluding": "6.4.0.9", "versionStartIncluding": "6.4.0" }, { "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575", "versionEndExcluding": "6.5.0.5", "versionStartIncluding": "6.5.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5221CFEE-6FBF-44E4-8DB1-592BE809E4B3" }, { "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A093039-37B1-4EAE-9905-85916BEBF5B3" }, { "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C36ED08-6819-4BC4-9BDB-FD490CED1877" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E9CBD3A-F426-4E13-BAAB-1AE1ED7400E7" }, { "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE2C0163-BBB7-45AD-8F4E-FA929FC15008" }, { "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC5BE91D-FF59-42CC-BF9B-8C019ACDA3E9" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33D660B9-A5B8-497D-8820-24ED84E93CE6" }, { "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7931908-4F0B-47E0-AA9F-0D6C58B58607" }, { "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F6AE2D7-5B7B-4883-93D1-4A3232761E16" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09DB9B53-5F40-4262-8520-23827593FA75" }, { "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8990E7B1-E256-48DC-A91D-E7A369CA140B" }, { "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1B82BE6-AD49-4EC9-A4CE-6F56EF123BF8" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "993BCB8D-6F0A-40FE-BB35-6721C4AF51B3" }, { "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CDF3D71-3674-483A-A860-CB908FEAF38B" }, { "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BBB96D-3921-4DC4-9A05-0CCF2F9D48F0" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32970E7C-89EB-49AB-8397-D44D59047940" }, { "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8EC08D0-0A8F-4846-83B1-5059D8B270F3" }, { "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B3A25A-48EA-440B-BFA9-F90316C93396" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CA91C35-A8BE-4766-B4B4-86B185F16467" }, { "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC09B403-0051-441A-A3D3-B790DD60F7F5" }, { "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "393228AB-D0BC-41AC-92E7-40F7E0399BDD" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B63F6AD6-6084-427B-8530-C2FDABCAD1D4" }, { "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5536B015-5F7E-4CB4-B11B-CDA0DB9879AD" }, { "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7175A1A-92AB-4005-B341-A3C99BD24701" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "809A29EF-DDD9-47E4-AB84-F4CE412621B9" }, { "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C79FCA1-BC64-45C8-A30A-0D97A77BB26F" }, { "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55EDCE66-9336-437D-ABF1-C2B3429D10C4" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C3D9650-E3FE-42BA-A94D-3D457477BAC0" }, { "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D89517A-EBBA-49EB-BBDD-9A99D2AFD79B" }, { "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4511E447-F8F8-44C8-8751-375519AD01A1" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFE1487B-1A2E-452A-B994-F5AE6745DD5A" }, { "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF86FD93-6AFA-4226-A0BC-8BFE87F49026" }, { "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E8402E-E457-4957-B19A-8CFAAF9083FC" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A372D7A8-CAF1-4500-8C32-0B7D511096B1" }, { "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A654F5-CEC9-43E7-A38F-72F26073ABC8" }, { "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65AD1473-6DEF-46AA-B5F9-955ACB434DE9" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF907DBB-5201-49EC-92C5-3BD3752BDECC", "versionEndExcluding": "9.6.4.40", "versionStartIncluding": "9.6" }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEB1AF51-43DA-4399-8264-E0A2E629F799", "versionEndExcluding": "9.8.4.20", "versionStartIncluding": "9.8" }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE81D32-51D0-41F7-B06B-0750DCB1F589", "versionEndExcluding": "9.9.2.66", "versionStartIncluding": "9.9" }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49FFDB02-2944-4B31-BBC0-30E60BA9F9D1", "versionEndExcluding": "9.10.1.37", "versionStartIncluding": "9.10" }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BDBCE56-8434-43B5-A172-5A63536D9E9F", "versionEndExcluding": "9.12.3.2", "versionStartIncluding": "9.12" }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE14B138-4EED-43E1-A8F1-0D16F4A761C0", "versionEndExcluding": "9.13.1.7", "versionStartIncluding": "9.13" } ], "operator": "OR" } ] } ]