Details of VAR-202005-0705

ID

VAR-202005-0705

CVE

CVE-2020-3305

TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software exhaustion vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-005427

DESCRIPTION

A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device. The platform provides features such as highly secure access to data and network resources. The following products and versions are affected: Cisco ASA 9.5 and earlier, 9.6, 9.7, 9.8, 9.9, 9.10, 9.12; FTD 6.1.0 and earlier, 6.2.0, 6.2.1, Version 6.2.2, Version 6.2.3, Version 6.3.0, Version 6.4.0

Trust: 1.8

sources: NVD: CVE-2020-3305 // JVNDB: JVNDB-2020-005427 // VULHUB: VHN-181430 // VULMON: CVE-2020-3305

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	9.6.4.36	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.2.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.30	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-005427 // NVD: CVE-2020-3305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3305
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3305
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005427
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-183
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181430
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-3305
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3305
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005427
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181430
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3305
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3305
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-005427
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181430 // VULMON: CVE-2020-3305 // JVNDB: JVNDB-2020-005427 // CNNVD: CNNVD-202005-183 // NVD: CVE-2020-3305 // NVD: CVE-2020-3305

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-181430 // JVNDB: JVNDB-2020-005427 // NVD: CVE-2020-3305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-183

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-183

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005427

PATCH

title:	cisco-sa-asa-dos-P43GCE5j	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j	Trust: 0.8
title:	Cisco Firepower Threat Defense and Adaptive Security Appliances Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118923	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-dos-P43GCE5j	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2020/05/07/cisco_may_patches/	Trust: 0.1

sources: VULMON: CVE-2020-3305 // JVNDB: JVNDB-2020-005427 // CNNVD: CNNVD-202005-183

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3305	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-005427	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-183	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1615	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1615.2	Trust: 0.6
db:	VULHUB	id:	VHN-181430	Trust: 0.1
db:	VULMON	id:	CVE-2020-3305	Trust: 0.1

sources: VULHUB: VHN-181430 // VULMON: CVE-2020-3305 // JVNDB: JVNDB-2020-005427 // CNNVD: CNNVD-202005-183 // NVD: CVE-2020-3305

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-dos-p43gce5j	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3305	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3305	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-bgp-32205	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1615/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1615.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181430 // VULMON: CVE-2020-3305 // JVNDB: JVNDB-2020-005427 // CNNVD: CNNVD-202005-183 // NVD: CVE-2020-3305

SOURCES

db:	VULHUB	id:	VHN-181430
db:	VULMON	id:	CVE-2020-3305
db:	JVNDB	id:	JVNDB-2020-005427
db:	CNNVD	id:	CNNVD-202005-183
db:	NVD	id:	CVE-2020-3305

LAST UPDATE DATE

2024-08-14T13:24:33.905000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181430	date:	2020-05-15T00:00:00
db:	VULMON	id:	CVE-2020-3305	date:	2020-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-005427	date:	2020-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202005-183	date:	2020-05-22T00:00:00
db:	NVD	id:	CVE-2020-3305	date:	2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181430	date:	2020-05-06T00:00:00
db:	VULMON	id:	CVE-2020-3305	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-005427	date:	2020-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202005-183	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-3305	date:	2020-05-06T17:15:13.197