ID
VAR-202005-0686
CVE
CVE-2020-3188
TITLE
Cisco Firepower Threat Defense Input verification vulnerabilities in software
Trust: 0.8
DESCRIPTION
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only. Cisco Firepower Threat Defense (FTD) The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | cisco | model: | asa 5525-x | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5505 | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | firepower threat defense | scope: | lt | version: | 6.4.0.9 | Trust: 1.0 |
| vendor: | cisco | model: | asa 5512-x | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5550 | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | firepower threat defense | scope: | gte | version: | 6.4.0 | Trust: 1.0 |
| vendor: | cisco | model: | asa 5545-x | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5505 | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | firepower threat defense | scope: | gte | version: | 6.5.0 | Trust: 1.0 |
| vendor: | cisco | model: | asa 5545-x | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5512-x | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5580 | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5550 | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5585-x | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5520 | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5555-x | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | firepower threat defense | scope: | lt | version: | 6.5.0.5 | Trust: 1.0 |
| vendor: | cisco | model: | asa 5585-x | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5515-x | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5510 | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5555-x | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5520 | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5515-x | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5510 | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5540 | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5580 | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5525-x | scope: | eq | version: | 101.6\(1.96\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5540 | scope: | eq | version: | 9.8\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | asa 5505 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5510 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5512-x | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5515-x | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5520 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5525-x | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5540 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5545-x | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asa 5550 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | firepower threat defense software | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.1 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.3 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.4 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.5 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.6 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.7 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.4.0.8 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.5.0 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.5.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | firepower threat defense | scope: | eq | version: | 6.5.0.3 | Trust: 0.1 |
| vendor: | cisco | model: | asa 5505 | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5505 | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5510 | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5510 | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5512-x | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5512-x | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5515-x | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5515-x | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5520 | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5520 | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5525-x | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5525-x | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5540 | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5540 | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5545-x | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5545-x | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5550 | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5550 | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5555-x | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5555-x | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5580 | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5580 | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5585-x | scope: | eq | version: | 9.8(3) | Trust: 0.1 |
| vendor: | cisco | model: | asa 5585-x | scope: | eq | version: | 101.6(1.96) | Trust: 0.1 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-613 | Trust: 1.1 |
| problemtype: | CWE-399 | Trust: 1.0 |
| problemtype: | CWE-20 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU | Trust: 0.8 |
| title: | Cisco: Cisco Firepower Threat Defense Software Management Interface Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU | Trust: 0.1 |
| title: | The Register | url: | https://www.theregister.co.uk/2020/05/07/cisco_may_patches/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-3188 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2020-005188 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202005-203 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2020.1614 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2020.1614.2 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-181313 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2020-3188 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-mgmt-interface-dos-fkg4mutu | Trust: 1.9 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-3188 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3188 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.1614/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.1614.2/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/181527 | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-181313 |
| db: | VULMON | id: | CVE-2020-3188 |
| db: | JVNDB | id: | JVNDB-2020-005188 |
| db: | CNNVD | id: | CNNVD-202005-203 |
| db: | NVD | id: | CVE-2020-3188 |
LAST UPDATE DATE
2024-08-14T14:03:47.390000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-181313 | date: | 2021-08-12T00:00:00 |
| db: | VULMON | id: | CVE-2020-3188 | date: | 2020-05-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-005188 | date: | 2020-06-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-202005-203 | date: | 2020-05-15T00:00:00 |
| db: | NVD | id: | CVE-2020-3188 | date: | 2021-08-12T18:18:33.027 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-181313 | date: | 2020-05-06T00:00:00 |
| db: | VULMON | id: | CVE-2020-3188 | date: | 2020-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-005188 | date: | 2020-06-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-202005-203 | date: | 2020-05-06T00:00:00 |
| db: | NVD | id: | CVE-2020-3188 | date: | 2020-05-06T17:15:12.150 |