CVE-2020-3188

Published: May 6, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.

Affected (26)

Products: Cisco: Firepower Threat Defense, Asa 5505 Firmware, Asa 5510 Firmware, Asa 5512 X Firmware, Asa 5515 X Firmware, Asa 5520 Firmware, Asa 5525 X Firmware, Asa 5540 Firmware, Asa 5545 X Firmware, Asa 5550 Firmware, Asa 5555 X Firmware, Asa 5580 Firmware, Asa 5585 X Firmware

Cisco

13 products

Firepower Threat Defense

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	From 6.4.0 to 6.4.0.9
Cisco Firepower Threat Defense	From 6.5.0 to 6.5.0.5

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5505 Firmware	Version 101.6(1.96)
Cisco Asa 5505 Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5505	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5510 Firmware	Version 101.6(1.96)
Cisco Asa 5510 Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5510	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5512 X Firmware	Version 101.6(1.96)
Cisco Asa 5512 X Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5512 X	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5515 X Firmware	Version 101.6(1.96)
Cisco Asa 5515 X Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5515 X	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5520 Firmware	Version 101.6(1.96)
Cisco Asa 5520 Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5520	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5525 X Firmware	Version 101.6(1.96)
Cisco Asa 5525 X Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5525 X	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5540 Firmware	Version 101.6(1.96)
Cisco Asa 5540 Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5540	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5545 X Firmware	Version 101.6(1.96)
Cisco Asa 5545 X Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5545 X	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5550 Firmware	Version 101.6(1.96)
Cisco Asa 5550 Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5550	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5555 X Firmware	Version 101.6(1.96)
Cisco Asa 5555 X Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5555 X	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5580 Firmware	Version 101.6(1.96)
Cisco Asa 5580 Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5580	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5585 X Firmware	Version 101.6(1.96)
Cisco Asa 5585 X Firmware	Version 9.8(3)

Running on/with	Platform Versions
Cisco Asa 5585 X	All versions

Related CWEs

CWE-399

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.