ID

VAR-202005-0688


CVE

CVE-2020-3191


TITLE

Input validation vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005190

DESCRIPTION

A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6 that traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only. The platform provides features such as highly secure access to data and network resources.

Trust: 1.8

sources: NVD: CVE-2020-3191 // JVNDB: JVNDB-2020-005190 // VULHUB: VHN-181316 // VULMON: CVE-2020-3191

AFFECTED PRODUCTS

vendor: cisco | model: asa 5520 | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.12.2.9

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.4.0

Trust: 1.0

vendor: cisco | model: asa 5580 | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5585-x | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.10

Trust: 1.0

vendor: cisco | model: asa 5515-x | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: asa 5525-x | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.12

Trust: 1.0

vendor: cisco | model: asa 5510 | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.9

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.8

Trust: 1.0

vendor: cisco | model: asa 5540 | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: asa 5512-x | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5505 | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.3.0

Trust: 1.0

vendor: cisco | model: asa 5585-x | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5550 | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.2.3

Trust: 1.0

vendor: cisco | model: asa 5515-x | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5545-x | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.6.4.36

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.8.4.12

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.9.2.66

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.10.1.37

Trust: 1.0

vendor: cisco | model: asa 5510 | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5555-x | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: asa 5540 | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5520 | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.4.0.6

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.2.3.16

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.6

Trust: 1.0

vendor: cisco | model: asa 5505 | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5580 | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: asa 5525-x | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.3.0.6

Trust: 1.0

vendor: cisco | model: asa 5550 | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5545-x | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5555-x | scope: eq | version: 9.4(1)

Trust: 1.0

vendor: cisco | model: asa 5512-x | scope: eq | version: 96.4(0.42)

Trust: 1.0

vendor: cisco | model: asa 5505 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5510 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5512-x | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5515-x | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5520 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5525-x | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5540 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5545-x | scope: - | version: -

Trust: 0.8

vendor: cisco | model: asa 5550 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: firepower threat defense software | scope: - | version: -

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.6

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.6.0

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.6.2

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.6.4.30

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.6.4.31

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.6.4.34

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.8

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.8.0

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.8.4

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.8.4.7

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.8.4.9

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.8.4.10

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.9

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.9.0

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.9.2.50

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.9.2.56

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.10

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.10.0

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.10.1.22

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.10.1.27

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.10.1.30

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.12

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.12.0

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.12.2.1

Trust: 0.1

vendor: cisco | model: adaptive security appliance | scope: eq | version: 9.12.2.5

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.1

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.2

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.3

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.4

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.5

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.6

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.7

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.9

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.10

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.11

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.12

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.13

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.14

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.2.3.15

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.3.0

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.3.0.1

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.3.0.2

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.3.0.3

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.3.0.4

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.3.0.5

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.4.0

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.4.0.1

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.4.0.2

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.4.0.3

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.4.0.4

Trust: 0.1

vendor: cisco | model: firepower threat defense | scope: eq | version: 6.4.0.5

Trust: 0.1

vendor: cisco | model: asa 5505 | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5505 | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5510 | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5510 | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5512-x | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5512-x | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5515-x | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5515-x | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5520 | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5520 | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5525-x | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5525-x | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5540 | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5540 | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5545-x | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5545-x | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5550 | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5550 | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5555-x | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5555-x | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5580 | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5580 | scope: eq | version: 96.4(0.42)

Trust: 0.1

vendor: cisco | model: asa 5585-x | scope: eq | version: 9.4(1)

Trust: 0.1

vendor: cisco | model: asa 5585-x | scope: eq | version: 96.4(0.42)

Trust: 0.1

sources: VULMON: CVE-2020-3191 // JVNDB: JVNDB-2020-005190 // NVD: CVE-2020-3191

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3191
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3191
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005190
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-209
value: HIGH

Trust: 0.6

VULHUB: VHN-181316
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3191
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3191
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005190
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181316
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3191
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3191
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005190
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181316 // VULMON: CVE-2020-3191 // JVNDB: JVNDB-2020-005190 // CNNVD: CNNVD-202005-209 // NVD: CVE-2020-3191 // NVD: CVE-2020-3191

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181316 // JVNDB: JVNDB-2020-005190 // NVD: CVE-2020-3191

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-209

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005190

PATCH

title: cisco-sa-asaftd-ipv6-67pA658k | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k

Trust: 0.8

title: Fix for the input validation error vulnerability in Cisco Firepower Threat Defense and Adaptive Security Appliances Software | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117811

Trust: 0.6

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asaftd-ipv6-67pA658k

Trust: 0.1

title: The Register | url: https://www.theregister.co.uk/2020/05/07/cisco_may_patches/

Trust: 0.1

title: Threatpost | url: https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/

Trust: 0.1

sources: VULMON: CVE-2020-3191 // JVNDB: JVNDB-2020-005190 // CNNVD: CNNVD-202005-209

EXTERNAL IDS

db: NVD | id: CVE-2020-3191

Trust: 2.6

db: JVNDB | id: JVNDB-2020-005190

Trust: 0.8

db: CNNVD | id: CNNVD-202005-209

Trust: 0.7

db: AUSCERT | id: ESB-2020.1615

Trust: 0.6

db: AUSCERT | id: ESB-2020.1615.2

Trust: 0.6

db: CNVD | id: CNVD-2020-29597

Trust: 0.1

db: VULHUB | id: VHN-181316

Trust: 0.1

db: VULMON | id: CVE-2020-3191

Trust: 0.1

sources: VULHUB: VHN-181316 // VULMON: CVE-2020-3191 // JVNDB: JVNDB-2020-005190 // CNNVD: CNNVD-202005-209 // NVD: CVE-2020-3191

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-ipv6-67pa658k

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-3191

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3191

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-dns-over-ipv6-32194

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1615/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1615.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181544

Trust: 0.1

url:https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/

Trust: 0.1

sources: VULHUB: VHN-181316 // VULMON: CVE-2020-3191 // JVNDB: JVNDB-2020-005190 // CNNVD: CNNVD-202005-209 // NVD: CVE-2020-3191

SOURCES

db: VULHUB | id: VHN-181316
db: VULMON | id: CVE-2020-3191
db: JVNDB | id: JVNDB-2020-005190
db: CNNVD | id: CNNVD-202005-209
db: NVD | id: CVE-2020-3191

LAST UPDATE DATE

2024-08-14T13:24:33.769000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-181316 | date: 2021-08-12T00:00:00
db: VULMON | id: CVE-2020-3191 | date: 2020-05-12T00:00:00
db: JVNDB | id: JVNDB-2020-005190 | date: 2020-06-09T00:00:00
db: CNNVD | id: CNNVD-202005-209 | date: 2021-08-17T00:00:00
db: NVD | id: CVE-2020-3191 | date: 2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db: VULHUB | id: VHN-181316 | date: 2020-05-06T00:00:00
db: VULMON | id: CVE-2020-3191 | date: 2020-05-06T00:00:00
db: JVNDB | id: JVNDB-2020-005190 | date: 2020-06-09T00:00:00
db: CNNVD | id: CNNVD-202005-209 | date: 2020-05-06T00:00:00
db: NVD | id: CVE-2020-3191 | date: 2020-05-06T17:15:12.290