Details of VAR-202005-0689

ID

VAR-202005-0689

CVE

CVE-2020-3195

TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software exhaustion vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-005267

DESCRIPTION

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition. The platform provides features such as highly secure access to data and network resources

Trust: 1.8

sources: NVD: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // VULHUB: VHN-181320 // VULMON: CVE-2020-3195

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	asa 5515-x	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5510	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	asa 5540	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5525-x	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.5.0.5	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5512-x	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5550	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5545-x	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5585-x	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5520	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5555-x	scope:	eq	version:	9.12\(2\)	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5510	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5512-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5515-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5520	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5525-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5540	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5545-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5550	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.12	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.12.0	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.12.2.1	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.12.2.5	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.12.2.9	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.12.3	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.13	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.13.0	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.13.1	Trust: 0.1
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.13.1.2	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.1	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.2	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.3	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.4	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.5	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.6	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.7	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0.8	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.5.0	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.5.0.2	Trust: 0.1
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.5.0.3	Trust: 0.1
vendor:	cisco	model:	asa 5505	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5510	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5512-x	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5515-x	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5520	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5525-x	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5540	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5545-x	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5550	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5555-x	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5580	scope:	eq	version:	9.12(2)	Trust: 0.1
vendor:	cisco	model:	asa 5585-x	scope:	eq	version:	9.12(2)	Trust: 0.1

sources: VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // NVD: CVE-2020-3195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3195
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3195
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005267
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-217
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181320
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3195
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3195
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005267
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181320
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3195
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3195
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-005267
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181320 // VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217 // NVD: CVE-2020-3195 // NVD: CVE-2020-3195

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.9
problemtype:	CWE-401	Trust: 1.1

sources: VULHUB: VHN-181320 // JVNDB: JVNDB-2020-005267 // NVD: CVE-2020-3195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-217

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-217

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005267

PATCH

title:	cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv	Trust: 0.8
title:	Cisco Firepower Threat Defense and Adaptive Security Appliances Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117819	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2020/05/07/cisco_may_patches/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/	Trust: 0.1

sources: VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3195	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-005267	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-217	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1615	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1615.2	Trust: 0.6
db:	CNVD	id:	CNVD-2020-31103	Trust: 0.1
db:	VULHUB	id:	VHN-181320	Trust: 0.1
db:	VULMON	id:	CVE-2020-3195	Trust: 0.1

sources: VULHUB: VHN-181320 // VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217 // NVD: CVE-2020-3195

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-ospf-memleak-dhpsgfnv	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3195	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3195	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-asa-memory-leak-via-ospf-32190	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1615/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1615.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181507	Trust: 0.1
url:	https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/	Trust: 0.1

sources: VULHUB: VHN-181320 // VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217 // NVD: CVE-2020-3195

SOURCES

db:	VULHUB	id:	VHN-181320
db:	VULMON	id:	CVE-2020-3195
db:	JVNDB	id:	JVNDB-2020-005267
db:	CNNVD	id:	CNNVD-202005-217
db:	NVD	id:	CVE-2020-3195

LAST UPDATE DATE

2024-08-14T13:24:33.737000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181320	date:	2021-08-12T00:00:00
db:	VULMON	id:	CVE-2020-3195	date:	2020-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-005267	date:	2020-06-10T00:00:00
db:	CNNVD	id:	CNNVD-202005-217	date:	2021-08-17T00:00:00
db:	NVD	id:	CVE-2020-3195	date:	2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181320	date:	2020-05-06T00:00:00
db:	VULMON	id:	CVE-2020-3195	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-005267	date:	2020-06-10T00:00:00
db:	CNNVD	id:	CNNVD-202005-217	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-3195	date:	2020-05-06T17:15:12.353