Lucene search

[email protected]CVE-2020-3283

HistoryMay 06, 2020 - 5:15 p.m.

CVE-2020-3283

2020-05-0617:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cisco

ftd

software

vulnerability

dos

attack

ssl

tls

cve-2020-3283

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.5%

JSON

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.

CPENameOperatorVersion
cisco:firepower_threat_defensecisco firepower threat defenselt6.4.0.9
cisco:asa_5505_firmwarecisco asa 5505 firmwareeq9.12\(2.12\)
cisco:asa_5505_firmwarecisco asa 5505 firmwareeq9.13\(0.33\)
cisco:asa_5510_firmwarecisco asa 5510 firmwareeq9.12\(2.12\)
cisco:asa_5510_firmwarecisco asa 5510 firmwareeq9.13\(0.33\)
cisco:asa_5512-x_firmwarecisco asa 5512-x firmwareeq9.12\(2.12\)
cisco:asa_5512-x_firmwarecisco asa 5512-x firmwareeq9.13\(0.33\)
cisco:asa_5515-x_firmwarecisco asa 5515-x firmwareeq9.12\(2.12\)
cisco:asa_5515-x_firmwarecisco asa 5515-x firmwareeq9.13\(0.33\)
cisco:asa_5520_firmwarecisco asa 5520 firmwareeq9.12\(2.12\)

CPE	Name	Operator	Version
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.4.0.9
cisco:asa_5505_firmware	cisco asa 5505 firmware	eq	9.12\(2.12\)
cisco:asa_5505_firmware	cisco asa 5505 firmware	eq	9.13\(0.33\)
cisco:asa_5510_firmware	cisco asa 5510 firmware	eq	9.12\(2.12\)
cisco:asa_5510_firmware	cisco asa 5510 firmware	eq	9.13\(0.33\)
cisco:asa_5512-x_firmware	cisco asa 5512-x firmware	eq	9.12\(2.12\)
cisco:asa_5512-x_firmware	cisco asa 5512-x firmware	eq	9.13\(0.33\)
cisco:asa_5515-x_firmware	cisco asa 5515-x firmware	eq	9.12\(2.12\)
cisco:asa_5515-x_firmware	cisco asa 5515-x firmware	eq	9.13\(0.33\)
cisco:asa_5520_firmware	cisco asa 5520 firmware	eq	9.12\(2.12\)

Rows per page:

1-10 of 251

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for CVE-2020-3283

prion1 nessus1 cisco1 threatpost1