CVE-2020-3529 — Uncontrolled Resource Consumption in Cisco Adaptive Security Appliance

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

7.5HIGHNVD

CNA8.6VulnCheck8.6

EPSS

1.3%

top 20.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense +1 more

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady st…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.8.0 — 9.8.4.29+5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/firepower_threat_defense6.4.0 — 6.4.0.10+3

▶NVDcisco/adaptive_security_appliance< 9.6.4.45

🔴Vulnerability Details

GHSA

GHSA-xwcw-m39w-gg87: A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Softw↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability↗2020-10-21

▶

VulnCheck

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Uncontrolled Resource Consumption↗2020

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability↗2020-10-21

▶