8.6
CVE-2020-3533
- EPSS 1.31%
- Veröffentlicht 21.10.2020 19:15:17
- Zuletzt bearbeitet 21.11.2024 05:31:15
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Firepower Threat Defense Version < 6.3.0.6
Cisco ≫ Firepower Threat Defense Version >= 6.4.0 < 6.4.0.10
Cisco ≫ Firepower Threat Defense Version >= 6.5.0 < 6.5.0.5
Cisco ≫ Firepower Threat Defense Version >= 6.6.0 < 6.6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.779 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.