8.6
CVE-2020-3283
- EPSS 1.31%
- Published 06.05.2020 17:15:12
- Last modified 21.11.2024 05:30:43
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Firepower Threat Defense Version >= 6.4.0 < 6.4.0.9
Cisco ≫ Firepower 1010 Version-
Cisco ≫ Firepower 1020 Version-
Cisco ≫ Firepower 1030 Version-
Cisco ≫ Firepower 1040 Version-
Cisco ≫ Firepower 1020 Version-
Cisco ≫ Firepower 1030 Version-
Cisco ≫ Firepower 1040 Version-
Cisco ≫ Asa 5505 Firmware Version9.12(2.12)
Cisco ≫ Asa 5505 Firmware Version9.13(0.33)
Cisco ≫ Asa 5510 Firmware Version9.12(2.12)
Cisco ≫ Asa 5510 Firmware Version9.13(0.33)
Cisco ≫ Asa 5512-x Firmware Version9.12(2.12)
Cisco ≫ Asa 5512-x Firmware Version9.13(0.33)
Cisco ≫ Asa 5515-x Firmware Version9.12(2.12)
Cisco ≫ Asa 5515-x Firmware Version9.13(0.33)
Cisco ≫ Asa 5520 Firmware Version9.12(2.12)
Cisco ≫ Asa 5520 Firmware Version9.13(0.33)
Cisco ≫ Asa 5525-x Firmware Version9.12(2.12)
Cisco ≫ Asa 5525-x Firmware Version9.13(0.33)
Cisco ≫ Asa 5540 Firmware Version9.12(2.12)
Cisco ≫ Asa 5540 Firmware Version9.13(0.33)
Cisco ≫ Asa 5545-x Firmware Version9.12(2.12)
Cisco ≫ Asa 5545-x Firmware Version9.13(0.33)
Cisco ≫ Asa 5550 Firmware Version9.12(2.12)
Cisco ≫ Asa 5550 Firmware Version9.13(0.33)
Cisco ≫ Asa 5555-x Firmware Version9.12(2.12)
Cisco ≫ Asa 5555-x Firmware Version9.13(0.33)
Cisco ≫ Asa 5580 Firmware Version9.12(2.12)
Cisco ≫ Asa 5580 Firmware Version9.13(0.33)
Cisco ≫ Asa 5585-x Firmware Version9.12(2.12)
Cisco ≫ Asa 5585-x Firmware Version9.13(0.33)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.779 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 8.6 | 3.9 | 4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.