CVE-2020-3303
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.6.4.36 | |
| From 9.12 to 9.12.2.9 |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5505 | All versions |
Cisco Asa 5510 | All versions |
Cisco Asa 5512 X | All versions |
Cisco Asa 5515 X | All versions |
Cisco Asa 5520 | All versions |
Cisco Asa 5525 X | All versions |
Cisco Asa 5550 | All versions |
Cisco Asa 5555 X | All versions |
Cisco Asa 5580 | All versions |
Cisco Asa 5585 X | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.3.0.5 |
Related CWEs
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.