CVE-2020-3255

CVE Database · CVE-2020-3255

CVE-2020-3255

· HIGHModified

CVSS v3.1

7.5

EPSS

1.80%

Published

May 6, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-400CWE-400

Affected Products (27)

cisco · firepower_threat_defense (up to 6.2.3.16)vulnerable

cisco · firepower_threat_defense (up to 6.3.0.6)vulnerable

cisco · firepower_threat_defense (up to 6.4.0.9)vulnerable

cisco · asa_5505_firmwarevulnerable

cisco · asa_5505

cisco · asa_5510_firmwarevulnerable

cisco · asa_5510

cisco · asa_5512-x_firmwarevulnerable

cisco · asa_5512-x

cisco · asa_5515-x_firmwarevulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs