CVE-2020-3283

Published: May 6, 2020Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.

Affected (25)

Products: Cisco: Firepower Threat Defense, Asa 5505 Firmware, Asa 5510 Firmware, Asa 5512 X Firmware, Asa 5515 X Firmware, Asa 5520 Firmware, Asa 5525 X Firmware, Asa 5540 Firmware, Asa 5545 X Firmware, Asa 5550 Firmware, Asa 5555 X Firmware, Asa 5580 Firmware, Asa 5585 X Firmware

Cisco

13 products

Firepower Threat Defense

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	From 6.4.0 to 6.4.0.9

Running on/with	Platform Versions
Cisco Firepower 1010	All versions
Cisco Firepower 1020	All versions
Cisco Firepower 1030	All versions
Cisco Firepower 1040	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5505 Firmware	Version 9.12(2.12)
Cisco Asa 5505 Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5505	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5510 Firmware	Version 9.12(2.12)
Cisco Asa 5510 Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5510	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5512 X Firmware	Version 9.12(2.12)
Cisco Asa 5512 X Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5512 X	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5515 X Firmware	Version 9.12(2.12)
Cisco Asa 5515 X Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5515 X	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5520 Firmware	Version 9.12(2.12)
Cisco Asa 5520 Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5520	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5525 X Firmware	Version 9.12(2.12)
Cisco Asa 5525 X Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5525 X	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5540 Firmware	Version 9.12(2.12)
Cisco Asa 5540 Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5540	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5545 X Firmware	Version 9.12(2.12)
Cisco Asa 5545 X Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5545 X	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5550 Firmware	Version 9.12(2.12)
Cisco Asa 5550 Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5550	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5555 X Firmware	Version 9.12(2.12)
Cisco Asa 5555 X Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5555 X	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5580 Firmware	Version 9.12(2.12)
Cisco Asa 5580 Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5580	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Asa 5585 X Firmware	Version 9.12(2.12)
Cisco Asa 5585 X Firmware	Version 9.13(0.33)

Running on/with	Platform Versions
Cisco Asa 5585 X	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.