CVE-2020-3373 — Uncontrolled Resource Consumption in Cisco Adaptive Security Appliance Software

CWE-400 — Uncontrolled Resource Consumption CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

8.6HIGHNVD

EPSS

1.9%

top 16.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

▶NVDcisco/adaptive_security_appliance_software6 versions+5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/firepower_threat_defense6.6.0.1

🔴Vulnerability Details

GHSA

GHSA-cjgx-rm4j-vw44: A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability↗2020-10-21

▶