Lucene search

[email protected]CVE-2023-20042

HistoryNov 01, 2023 - 6:15 p.m.

CVE-2023-20042

2023-11-0118:15:08

CWE-404

[email protected]

web.nvd.nist.gov

vulnerability

anyconnect

ssl vpn

cisco

asa

ftd

denial of service

dos

nvd

cve-2023-20042

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.

Affected configurations

NVD

Node

ciscofirepower_threat_defenseMatch7.0.0

ciscofirepower_threat_defenseMatch7.0.0.1

ciscofirepower_threat_defenseMatch7.0.1

ciscofirepower_threat_defenseMatch7.0.1.1

ciscofirepower_threat_defenseMatch7.0.2

ciscofirepower_threat_defenseMatch7.0.2.1

ciscofirepower_threat_defenseMatch7.0.3

ciscofirepower_threat_defenseMatch7.0.4

ciscofirepower_threat_defenseMatch7.0.5

ciscofirepower_threat_defenseMatch7.1.0

ciscofirepower_threat_defenseMatch7.1.0.1

ciscofirepower_threat_defenseMatch7.1.0.2

ciscofirepower_threat_defenseMatch7.1.0.3

ciscofirepower_threat_defenseMatch7.2.0

ciscofirepower_threat_defenseMatch7.2.0.1

ciscofirepower_threat_defenseMatch7.2.1

ciscofirepower_threat_defenseMatch7.2.2

ciscofirepower_threat_defenseMatch7.2.3

ciscofirepower_threat_defenseMatch7.3.0

ciscofirepower_threat_defenseMatch7.3.1

ciscofirepower_threat_defenseMatch7.3.1.1

Node

ciscoadaptive_security_appliance_softwareMatch9.16.1

ciscoadaptive_security_appliance_softwareMatch9.16.1.28

ciscoadaptive_security_appliance_softwareMatch9.16.2

ciscoadaptive_security_appliance_softwareMatch9.16.2.3

ciscoadaptive_security_appliance_softwareMatch9.16.2.7

ciscoadaptive_security_appliance_softwareMatch9.16.2.11

ciscoadaptive_security_appliance_softwareMatch9.16.2.13

ciscoadaptive_security_appliance_softwareMatch9.16.2.14

ciscoadaptive_security_appliance_softwareMatch9.16.3

ciscoadaptive_security_appliance_softwareMatch9.16.3.3

ciscoadaptive_security_appliance_softwareMatch9.16.3.14

ciscoadaptive_security_appliance_softwareMatch9.16.3.15

ciscoadaptive_security_appliance_softwareMatch9.16.3.19

ciscoadaptive_security_appliance_softwareMatch9.16.3.23

ciscoadaptive_security_appliance_softwareMatch9.16.4

ciscoadaptive_security_appliance_softwareMatch9.16.4.9

ciscoadaptive_security_appliance_softwareMatch9.17.1

ciscoadaptive_security_appliance_softwareMatch9.17.1.7

ciscoadaptive_security_appliance_softwareMatch9.17.1.9

ciscoadaptive_security_appliance_softwareMatch9.17.1.10

ciscoadaptive_security_appliance_softwareMatch9.17.1.11

ciscoadaptive_security_appliance_softwareMatch9.17.1.13

ciscoadaptive_security_appliance_softwareMatch9.17.1.15

ciscoadaptive_security_appliance_softwareMatch9.17.1.20

ciscoadaptive_security_appliance_softwareMatch9.18.1

ciscoadaptive_security_appliance_softwareMatch9.18.1.3

ciscoadaptive_security_appliance_softwareMatch9.18.2

ciscoadaptive_security_appliance_softwareMatch9.18.2.5

ciscoadaptive_security_appliance_softwareMatch9.18.2.7

ciscoadaptive_security_appliance_softwareMatch9.19.1

CPENameOperatorVersion
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.0
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.0.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.1.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.2
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.2.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.3
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.4
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.5
cisco:firepower_threat_defensecisco firepower threat defenseeq7.1.0

CPE	Name	Operator	Version
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.0.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.1.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.2
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.2.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.3
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.4
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.5
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.1.0

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Adaptive Security Appliance (ASA) Software",
    "versions": [
      {
        "version": "9.16.1",
        "status": "affected"
      },
      {
        "version": "9.16.1.28",
        "status": "affected"
      },
      {
        "version": "9.16.2",
        "status": "affected"
      },
      {
        "version": "9.16.2.3",
        "status": "affected"
      },
      {
        "version": "9.16.2.7",
        "status": "affected"
      },
      {
        "version": "9.16.2.11",
        "status": "affected"
      },
      {
        "version": "9.16.2.13",
        "status": "affected"
      },
      {
        "version": "9.16.2.14",
        "status": "affected"
      },
      {
        "version": "9.16.3",
        "status": "affected"
      },
      {
        "version": "9.16.3.3",
        "status": "affected"
      },
      {
        "version": "9.16.3.14",
        "status": "affected"
      },
      {
        "version": "9.16.3.15",
        "status": "affected"
      },
      {
        "version": "9.16.3.19",
        "status": "affected"
      },
      {
        "version": "9.16.3.23",
        "status": "affected"
      },
      {
        "version": "9.16.4",
        "status": "affected"
      },
      {
        "version": "9.16.4.9",
        "status": "affected"
      },
      {
        "version": "9.17.1",
        "status": "affected"
      },
      {
        "version": "9.17.1.7",
        "status": "affected"
      },
      {
        "version": "9.17.1.9",
        "status": "affected"
      },
      {
        "version": "9.17.1.10",
        "status": "affected"
      },
      {
        "version": "9.17.1.11",
        "status": "affected"
      },
      {
        "version": "9.17.1.13",
        "status": "affected"
      },
      {
        "version": "9.17.1.15",
        "status": "affected"
      },
      {
        "version": "9.17.1.20",
        "status": "affected"
      },
      {
        "version": "9.18.1",
        "status": "affected"
      },
      {
        "version": "9.18.1.3",
        "status": "affected"
      },
      {
        "version": "9.18.2",
        "status": "affected"
      },
      {
        "version": "9.18.2.5",
        "status": "affected"
      },
      {
        "version": "9.18.2.7",
        "status": "affected"
      },
      {
        "version": "9.19.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Threat Defense Software",
    "versions": [
      {
        "version": "7.0.0",
        "status": "affected"
      },
      {
        "version": "7.0.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1.1",
        "status": "affected"
      },
      {
        "version": "7.0.2",
        "status": "affected"
      },
      {
        "version": "7.0.2.1",
        "status": "affected"
      },
      {
        "version": "7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.4",
        "status": "affected"
      },
      {
        "version": "7.0.5",
        "status": "affected"
      },
      {
        "version": "7.1.0",
        "status": "affected"
      },
      {
        "version": "7.1.0.1",
        "status": "affected"
      },
      {
        "version": "7.1.0.2",
        "status": "affected"
      },
      {
        "version": "7.1.0.3",
        "status": "affected"
      },
      {
        "version": "7.2.0",
        "status": "affected"
      },
      {
        "version": "7.2.0.1",
        "status": "affected"
      },
      {
        "version": "7.2.1",
        "status": "affected"
      },
      {
        "version": "7.2.2",
        "status": "affected"
      },
      {
        "version": "7.2.3",
        "status": "affected"
      },
      {
        "version": "7.3.0",
        "status": "affected"
      },
      {
        "version": "7.3.1",
        "status": "affected"
      },
      {
        "version": "7.3.1.1",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-kxG8mpUA

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2023-20042

cvelist1 prion1 cisco1 nvd1