CVE-2020-3555

CWE-4049 documents5 sources
Severity
7.5HIGH
EPSS
0.6%
top 30.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Adaptive Security ApplianceCisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense+1 more
Timeline
PublishedOct 21
Latest updateMay 24

Description

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages4 packages

NVDcisco/firepower_threat_defense6.3.06.3.0.6+4

🔴Vulnerability Details

2
GHSA
GHSA-r7x6-g4f2-fq99: A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software co2022-05-24
CVEList
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Denial of Service Vulnerability2020-10-21

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Denial of Service Vulnerability2020-10-21

💬Community

4
Bugzilla
CVE-2020-12425 Mozilla: Out of bound read in Date.parse()2020-08-26
Bugzilla
CVE-2020-12422 Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer2020-08-26
Bugzilla
CVE-2020-15648 Mozilla: X-Frame-Options bypass using object or embed tags2020-08-26
Bugzilla
CVE-2020-15658 Mozilla: Overriding file type when saving to disk2020-07-29
CVE-2020-3555 (HIGH CVSS 7.5) | A vulnerability in the SIP inspecti | cvebase.io