ID

VAR-202005-0689


CVE

CVE-2020-3195


TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software exhaustion vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-005267

DESCRIPTION

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition. The platform provides features such as highly secure access to data and network resources

Trust: 1.8

sources: NVD: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // VULHUB: VHN-181320 // VULMON: CVE-2020-3195

AFFECTED PRODUCTS

vendor: cisco // model: adaptive security appliance software // scope: gte // version: 9.13

Trust: 1.0

vendor: cisco // model: asa 5515-x // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5510 // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.12.3.2

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.13.1.7

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lt // version: 6.4.0.9

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.4.0

Trust: 1.0

vendor: cisco // model: asa 5540 // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5580 // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5525-x // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.5.0

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: gte // version: 9.12

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lt // version: 6.5.0.5

Trust: 1.0

vendor: cisco // model: asa 5505 // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5512-x // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5550 // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5545-x // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5585-x // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5520 // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5555-x // scope: eq // version: 9.12\(2\)

Trust: 1.0

vendor: cisco // model: asa 5505 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5510 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5512-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5515-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5520 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5525-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5540 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5545-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5550 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: firepower threat defense software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.12

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.12.0

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.12.2.1

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.12.2.5

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.12.2.9

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.12.3

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.13

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.13.0

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.13.1

Trust: 0.1

vendor: cisco // model: adaptive security appliance // scope: eq // version: 9.13.1.2

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.1

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.2

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.3

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.4

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.5

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.6

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.7

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.4.0.8

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.5.0

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.5.0.2

Trust: 0.1

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.5.0.3

Trust: 0.1

vendor: cisco // model: asa 5505 // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5510 // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5512-x // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5515-x // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5520 // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5525-x // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5540 // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5545-x // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5550 // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5555-x // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5580 // scope: eq // version: 9.12(2)

Trust: 0.1

vendor: cisco // model: asa 5585-x // scope: eq // version: 9.12(2)

Trust: 0.1

sources: VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // NVD: CVE-2020-3195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3195
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3195
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005267
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-217
value: HIGH

Trust: 0.6

VULHUB: VHN-181320
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005267
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181320
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3195
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3195
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005267
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181320 // VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217 // NVD: CVE-2020-3195 // NVD: CVE-2020-3195

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-401

Trust: 1.1

sources: VULHUB: VHN-181320 // JVNDB: JVNDB-2020-005267 // NVD: CVE-2020-3195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-217

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-217

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005267

PATCH

title: cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv

Trust: 0.8

title: Cisco Firepower Threat Defense and Adaptive Security Appliances Software Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117819

Trust: 0.6

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv

Trust: 0.1

title: The Register // url: https://www.theregister.co.uk/2020/05/07/cisco_may_patches/

Trust: 0.1

title: Threatpost // url: https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/

Trust: 0.1

sources: VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217

EXTERNAL IDS

db: NVD // id: CVE-2020-3195

Trust: 2.6

db: JVNDB // id: JVNDB-2020-005267

Trust: 0.8

db: CNNVD // id: CNNVD-202005-217

Trust: 0.7

db: AUSCERT // id: ESB-2020.1615

Trust: 0.6

db: AUSCERT // id: ESB-2020.1615.2

Trust: 0.6

db: CNVD // id: CNVD-2020-31103

Trust: 0.1

db: VULHUB // id: VHN-181320

Trust: 0.1

db: VULMON // id: CVE-2020-3195

Trust: 0.1

sources: VULHUB: VHN-181320 // VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217 // NVD: CVE-2020-3195

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-ospf-memleak-dhpsgfnv

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-3195

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3195

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-asa-memory-leak-via-ospf-32190

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1615/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1615.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181507

Trust: 0.1

url:https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/

Trust: 0.1

sources: VULHUB: VHN-181320 // VULMON: CVE-2020-3195 // JVNDB: JVNDB-2020-005267 // CNNVD: CNNVD-202005-217 // NVD: CVE-2020-3195

SOURCES

db: VULHUB // id: VHN-181320
db: VULMON // id: CVE-2020-3195
db: JVNDB // id: JVNDB-2020-005267
db: CNNVD // id: CNNVD-202005-217
db: NVD // id: CVE-2020-3195

LAST UPDATE DATE

2024-08-14T13:24:33.737000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181320 // date: 2021-08-12T00:00:00
db: VULMON // id: CVE-2020-3195 // date: 2020-05-13T00:00:00
db: JVNDB // id: JVNDB-2020-005267 // date: 2020-06-10T00:00:00
db: CNNVD // id: CNNVD-202005-217 // date: 2021-08-17T00:00:00
db: NVD // id: CVE-2020-3195 // date: 2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181320 // date: 2020-05-06T00:00:00
db: VULMON // id: CVE-2020-3195 // date: 2020-05-06T00:00:00
db: JVNDB // id: JVNDB-2020-005267 // date: 2020-06-10T00:00:00
db: CNNVD // id: CNNVD-202005-217 // date: 2020-05-06T00:00:00
db: NVD // id: CVE-2020-3195 // date: 2020-05-06T17:15:12.353