CVE-2020-3191

Published: May 6, 2020Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only.

Affected (32)

Products: Cisco: Firepower Threat Defense, Asa 5505 Firmware, Asa 5510 Firmware, Asa 5512 X Firmware, Asa 5515 X Firmware, Asa 5520 Firmware, Asa 5525 X Firmware, Asa 5540 Firmware, Asa 5545 X Firmware, Asa 5550 Firmware, Asa 5555 X Firmware, Asa 5580 Firmware, Asa 5585 X Firmware, Adaptive Security Appliance Software

Cisco

14 products

Firepower Threat Defense

Adaptive Security Appliance Software

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	From 6.2.3 to 6.2.3.16
Cisco Firepower Threat Defense	From 6.3.0 to 6.3.0.6
Cisco Firepower Threat Defense	From 6.4.0 to 6.4.0.6

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5505 Firmware	Version 9.4(1)
Cisco Asa 5505 Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5505	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5510 Firmware	Version 9.4(1)
Cisco Asa 5510 Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5510	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5512 X Firmware	Version 9.4(1)
Cisco Asa 5512 X Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5512 X	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5515 X Firmware	Version 9.4(1)
Cisco Asa 5515 X Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5515 X	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5520 Firmware	Version 9.4(1)
Cisco Asa 5520 Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5520	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5525 X Firmware	Version 9.4(1)
Cisco Asa 5525 X Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5525 X	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5540 Firmware	Version 9.4(1)
Cisco Asa 5540 Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5540	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5545 X Firmware	Version 9.4(1)
Cisco Asa 5545 X Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5545 X	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5550 Firmware	Version 9.4(1)
Cisco Asa 5550 Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5550	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5555 X Firmware	Version 9.4(1)
Cisco Asa 5555 X Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5555 X	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5580 Firmware	Version 9.4(1)
Cisco Asa 5580 Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5580	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5585 X Firmware	Version 9.4(1)
Cisco Asa 5585 X Firmware	Version 96.4(0.42)

Running on/with	Platform Versions
Cisco Asa 5585 X	All versions

Configuration N

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Adaptive Security Appliance Software	From 9.10 to 9.10.1.37
Cisco Adaptive Security Appliance Software	From 9.12 to 9.12.2.9
Cisco Adaptive Security Appliance Software	From 9.6 to 9.6.4.36
Cisco Adaptive Security Appliance Software	From 9.8 to 9.8.4.12
Cisco Adaptive Security Appliance Software	From 9.9 to 9.9.2.66

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.