CVE-2020-3254

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGH

EPSS

1.2%

top 21.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense Cisco Cisco Adaptive Security Appliance (asa) Software +12 more

Timeline

PublishedMay 6

Latest updateMay 24

Description

Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the at…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages15 packages

▶NVDcisco/adaptive_security_appliance_software9.6 — 9.6.4.34+4

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_softwaren/a

▶NVDcisco/firepower_threat_defense6.2.3 — 6.2.3.16+2

▶NVDcisco/asa_5505_firmware9.10\(1.3\)

▶NVDcisco/asa_5510_firmware9.10\(1.3\)

🔴Vulnerability Details

GHSA

GHSA-7r27-75hm-vvch: Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firep↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities↗2020-05-06

▶