CVE-2020-3554

A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:adaptive_security_appliance::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

History

16 Aug 2023, 16:17

Type	Values Removed	Values Added
First Time		Cisco adaptive Security Appliance Software
CPE		cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

Information

Published : 2020-10-21 19:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-3554

Mitre link : CVE-2020-3554

CVE.ORG link : CVE-2020-3554

JSON object : View

Products Affected

cisco

adaptive_security_appliance
firepower_threat_defense
adaptive_security_appliance_software

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2020-3554", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-10-21T19:15:17.420", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en el procesamiento de paquetes TCP de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a una condici\u00f3n de agotamiento de la memoria. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una alta tasa de tr\u00e1fico TCP dise\u00f1ado por medio de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante agotar los recursos del dispositivo, resultando en una condici\u00f3n de DoS para el tr\u00e1fico que transita por el dispositivo afectado"}], "lastModified": "2023-08-16T16:17:07.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D2F5B96-8C64-4A50-9C63-93AC36383DB1", "versionEndExcluding": "9.12.4.3"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2330600D-6AB1-4912-A595-2AE167853B93", "versionEndIncluding": "6.2.2"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "961753A1-2ECF-47EA-87AE-B81CC1D29599", "versionEndExcluding": "6.4.0.10", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575", "versionEndExcluding": "6.5.0.5", "versionStartIncluding": "6.5.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4148D30-F285-4045-A017-82F5BF074233", "versionEndExcluding": "9.13.1.13", "versionStartIncluding": "9.13.0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDD8BF1D-E300-461E-99C5-E191BE4173C2", "versionEndExcluding": "9.14.1.30", "versionStartIncluding": "9.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}