CVE-2020-3254

CVE Database · CVE-2020-3254

CVE-2020-3254

· HIGHModified

CVSS v3.1

7.5

EPSS

1.92%

Published

May 6, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-400CWE-400

Affected Products (32)

cisco · firepower_threat_defense (up to 6.2.3.16)vulnerable

cisco · firepower_threat_defense (up to 6.3.0.6)vulnerable

cisco · firepower_threat_defense (up to 6.4.0.4)vulnerable

cisco · asa_5505_firmwarevulnerable

cisco · asa_5505

cisco · asa_5510_firmwarevulnerable

cisco · asa_5510

cisco · asa_5512-x_firmwarevulnerable

cisco · asa_5512-x

cisco · asa_5515-x_firmwarevulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs