CVE-2023-20042

Published Nov 1, 2023

Last updated 10 months ago

CVSS high 8.6

Overview

Description: A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
ykramarz@cisco.com: CWE-404

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "853A002C-839A-4372-8485-750A86E9F6E9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C62BB5D6-CE75-4C83-82DC-4148EF8CB1F5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32F1365-EAF8-4570-B2FF-45E47E8586F9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFD07F9B-6BB3-4423-8DBE-4E89A6478E65"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34FE4F28-B704-4325-AE8A-C790163FEE71"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "959107AC-E9EC-467C-901B-A3164E3762E9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F944F8F-0255-42BE-BD44-D21EC9F0FFC4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F39C535-5A41-47CE-A9CF-B360998D4BF9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9CEAEFC-7B82-41F9-A09D-C86A3A60A4FB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40FAC31D-19C0-4BA0-A019-C7E7A0BA0B5B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References