CVE-2020-3196

Published May 6, 2020
Last updated 3 months ago
CVSS high 8.6
Overview

Description: A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH
CVSS 3.0

Type: Secondary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

ykramarz@cisco.com: CWE-400
nvd@nist.gov: CWE-400
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B2E5D3-ED34-4A7E-BD8F-8492B6737677",
            "versionEndExcluding": "6.2.3.16",
            "versionStartIncluding": "6.2.3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2",
            "versionEndExcluding": "6.3.0.6",
            "versionStartIncluding": "6.3.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06741056-2BFD-4F88-917A-F581F813B69E",
            "versionEndExcluding": "6.4.0.9",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575",
            "versionEndExcluding": "6.5.0.5",
            "versionStartIncluding": "6.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5221CFEE-6FBF-44E4-8DB1-592BE809E4B3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A093039-37B1-4EAE-9905-85916BEBF5B3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5505_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C36ED08-6819-4BC4-9BDB-FD490CED1877"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E9CBD3A-F426-4E13-BAAB-1AE1ED7400E7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE2C0163-BBB7-45AD-8F4E-FA929FC15008"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5510_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC5BE91D-FF59-42CC-BF9B-8C019ACDA3E9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33D660B9-A5B8-497D-8820-24ED84E93CE6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7931908-4F0B-47E0-AA9F-0D6C58B58607"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F6AE2D7-5B7B-4883-93D1-4A3232761E16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09DB9B53-5F40-4262-8520-23827593FA75"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8990E7B1-E256-48DC-A91D-E7A369CA140B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1B82BE6-AD49-4EC9-A4CE-6F56EF123BF8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "993BCB8D-6F0A-40FE-BB35-6721C4AF51B3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CDF3D71-3674-483A-A860-CB908FEAF38B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5520_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11BBB96D-3921-4DC4-9A05-0CCF2F9D48F0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32970E7C-89EB-49AB-8397-D44D59047940"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8EC08D0-0A8F-4846-83B1-5059D8B270F3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64B3A25A-48EA-440B-BFA9-F90316C93396"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CA91C35-A8BE-4766-B4B4-86B185F16467"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC09B403-0051-441A-A3D3-B790DD60F7F5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5540_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "393228AB-D0BC-41AC-92E7-40F7E0399BDD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B63F6AD6-6084-427B-8530-C2FDABCAD1D4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5536B015-5F7E-4CB4-B11B-CDA0DB9879AD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7175A1A-92AB-4005-B341-A3C99BD24701"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "809A29EF-DDD9-47E4-AB84-F4CE412621B9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C79FCA1-BC64-45C8-A30A-0D97A77BB26F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5550_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55EDCE66-9336-437D-ABF1-C2B3429D10C4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C3D9650-E3FE-42BA-A94D-3D457477BAC0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D89517A-EBBA-49EB-BBDD-9A99D2AFD79B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4511E447-F8F8-44C8-8751-375519AD01A1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFE1487B-1A2E-452A-B994-F5AE6745DD5A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF86FD93-6AFA-4226-A0BC-8BFE87F49026"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5580_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E8402E-E457-4957-B19A-8CFAAF9083FC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.4\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A372D7A8-CAF1-4500-8C32-0B7D511096B1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.8\\(4.18\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A654F5-CEC9-43E7-A38F-72F26073ABC8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:100.13\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65AD1473-6DEF-46AA-B5F9-955ACB434DE9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF907DBB-5201-49EC-92C5-3BD3752BDECC",
            "versionEndExcluding": "9.6.4.40",
            "versionStartIncluding": "9.6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEB1AF51-43DA-4399-8264-E0A2E629F799",
            "versionEndExcluding": "9.8.4.20",
            "versionStartIncluding": "9.8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEE81D32-51D0-41F7-B06B-0750DCB1F589",
            "versionEndExcluding": "9.9.2.66",
            "versionStartIncluding": "9.9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49FFDB02-2944-4B31-BBC0-30E60BA9F9D1",
            "versionEndExcluding": "9.10.1.37",
            "versionStartIncluding": "9.10"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BDBCE56-8434-43B5-A172-5A63536D9E9F",
            "versionEndExcluding": "9.12.3.2",
            "versionStartIncluding": "9.12"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE14B138-4EED-43E1-A8F1-0D16F4A761C0",
            "versionEndExcluding": "9.13.1.7",
            "versionStartIncluding": "9.13"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
