CVE-2020-3179

CWE-4154 documents4 sources
Severity
7.5HIGH
EPSS
1.2%
top 21.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Cisco Firepower Threat DefenseCisco Cisco Firepower Threat Defense SoftwareCisco ASA 5505 Firmware+11 more
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A succe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages14 packages

NVDcisco/firepower_threat_defense6.3.06.3.0.5+1
NVDcisco/asa_5505_firmware101.5\(1.26\), 9.9\(2\)+1
NVDcisco/asa_5510_firmware101.5\(1.26\), 9.9\(2\)+1
NVDcisco/asa_5520_firmware101.5\(1.26\), 9.9\(2\)+1

🔴Vulnerability Details

2
GHSA
GHSA-xf33-8qpp-q25c: A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow a2022-05-24
CVEList
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability2020-05-06

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability2020-05-06
CVE-2020-3179 (HIGH CVSS 7.5) | A vulnerability in the generic rout | cvebase.io