ID

VAR-202010-1009


CVE

CVE-2020-3304


TITLE

Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software input verification vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012597

DESCRIPTION

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic. The platform provides features such as highly secure access to data and network resources.

Trust: 1.8

sources: NVD: CVE-2020-3304 // JVNDB: JVNDB-2020-012597 // VULHUB: VHN-181429 // VULMON: CVE-2020-3304

AFFECTED PRODUCTS

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.9.2.80

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.14.1.10

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.4.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.8.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.12.3.12

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.6.0

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.5.0

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.4.0.10

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.8.4.22

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.5.0.5

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.10.1.44

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.12.0

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.3.0.6

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.10.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.13.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance | scope: lt | version: 9.6.4.45

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.6.1

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.14.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.9.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.13.1.12

Trust: 1.0

vendor: Cisco Systems | model: cisco adaptive security appliance software | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco firepower threat defense software | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012597 // NVD: CVE-2020-3304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3304
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3304
value: HIGH

Trust: 1.0

NVD: CVE-2020-3304
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1143
value: HIGH

Trust: 0.6

VULHUB: VHN-181429
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3304
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3304
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-181429
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3304
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3304
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181429 // VULMON: CVE-2020-3304 // JVNDB: JVNDB-2020-012597 // CNNVD: CNNVD-202010-1143 // NVD: CVE-2020-3304 // NVD: CVE-2020-3304

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: CWE-400

Trust: 1.0

problemtype: Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181429 // JVNDB: JVNDB-2020-012597 // NVD: CVE-2020-3304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1143

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1143

PATCH

title: cisco-sa-asaftd-webdos-fBzM5Ynw | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw

Trust: 0.8

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asaftd-webdos-fBzM5Ynw

Trust: 0.1

title: CVE-2020-3304 | url: https://github.com/AlAIAL90/CVE-2020-3304

Trust: 0.1

title: Threatpost | url: https://threatpost.com/cisco-dos-flaws-network-security-software/160414/

Trust: 0.1

sources: VULMON: CVE-2020-3304 // JVNDB: JVNDB-2020-012597

EXTERNAL IDS

db: NVD | id: CVE-2020-3304

Trust: 2.6

db: JVNDB | id: JVNDB-2020-012597

Trust: 0.8

db: CNNVD | id: CNNVD-202010-1143

Trust: 0.7

db: AUSCERT | id: ESB-2020.3642.3

Trust: 0.6

db: AUSCERT | id: ESB-2020.3642

Trust: 0.6

db: NSFOCUS | id: 50234

Trust: 0.6

db: CNVD | id: CNVD-2021-44684

Trust: 0.1

db: VULHUB | id: VHN-181429

Trust: 0.1

db: VULMON | id: CVE-2020-3304

Trust: 0.1

sources: VULHUB: VHN-181429 // VULMON: CVE-2020-3304 // JVNDB: JVNDB-2020-012597 // CNNVD: CNNVD-202010-1143 // NVD: CVE-2020-3304

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-webdos-fbzm5ynw

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-3304

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-asa-software-denial-of-service-via-http-requests-33674

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3642.3

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50234

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3642/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3304

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-dos-flaws-network-security-software/160414/

Trust: 0.1

sources: VULHUB: VHN-181429 // VULMON: CVE-2020-3304 // JVNDB: JVNDB-2020-012597 // CNNVD: CNNVD-202010-1143 // NVD: CVE-2020-3304

SOURCES

db: VULHUB | id: VHN-181429
db: VULMON | id: CVE-2020-3304
db: JVNDB | id: JVNDB-2020-012597
db: CNNVD | id: CNNVD-202010-1143
db: NVD | id: CVE-2020-3304

LAST UPDATE DATE

2024-08-14T13:54:28.367000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-181429 | date: 2021-09-17T00:00:00
db: VULMON | id: CVE-2020-3304 | date: 2021-09-17T00:00:00
db: JVNDB | id: JVNDB-2020-012597 | date: 2021-05-14T08:19:00
db: CNNVD | id: CNNVD-202010-1143 | date: 2021-06-30T00:00:00
db: NVD | id: CVE-2020-3304 | date: 2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db: VULHUB | id: VHN-181429 | date: 2020-10-21T00:00:00
db: VULMON | id: CVE-2020-3304 | date: 2020-10-21T00:00:00
db: JVNDB | id: JVNDB-2020-012597 | date: 2021-05-14T00:00:00
db: CNNVD | id: CNNVD-202010-1143 | date: 2020-10-21T00:00:00
db: NVD | id: CVE-2020-3304 | date: 2020-10-21T19:15:15.623