Lucene search

[email protected]CVE-2020-3304

HistoryOct 21, 2020 - 7:15 p.m.

CVE-2020-3304

2020-10-2119:15:15

CWE-400

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-3304

cisco

asa

ftd

web interface

dos

vulnerability

http validation

security

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.2%

JSON

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic.

Affected configurations

NVD

Node

ciscoadaptive_security_applianceRange<9.6.4.45

ciscofirepower_threat_defenseRange<6.3.0.6

ciscofirepower_threat_defenseRange6.4.0–6.4.0.10

ciscofirepower_threat_defenseRange6.5.0–6.5.0.5

ciscofirepower_threat_defenseRange6.6.0–6.6.1

ciscoadaptive_security_appliance_softwareRange9.8.0–9.8.4.22

ciscoadaptive_security_appliance_softwareRange9.9.0–9.9.2.80

ciscoadaptive_security_appliance_softwareRange9.10.0–9.10.1.44

ciscoadaptive_security_appliance_softwareRange9.12.0–9.12.3.12

ciscoadaptive_security_appliance_softwareRange9.13.0–9.13.1.12

ciscoadaptive_security_appliance_softwareRange9.14.0–9.14.1.10

CPENameOperatorVersion
cisco:adaptive_security_appliancecisco adaptive security appliancelt9.6.4.45
cisco:firepower_threat_defensecisco firepower threat defenselt6.3.0.6
cisco:firepower_threat_defensecisco firepower threat defenselt6.4.0.10
cisco:firepower_threat_defensecisco firepower threat defenselt6.5.0.5
cisco:firepower_threat_defensecisco firepower threat defenselt6.6.1
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.8.4.22
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.9.2.80
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.10.1.44
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.12.3.12
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.13.1.12

CPE	Name	Operator	Version
cisco:adaptive_security_appliance	cisco adaptive security appliance	lt	9.6.4.45
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.3.0.6
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.4.0.10
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.5.0.5
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.6.1
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.8.4.22
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.9.2.80
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.10.1.44
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.12.3.12
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.13.1.12

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.2%

JSON

Related for CVE-2020-3304

cvelist1 nvd1 prion1 cisco1 nessus2 threatpost1