cvelistv5 - cve-2020-3255

CVE-2020-3255 (GCVE-0-2020-3255)

Vulnerability from cvelistv5

Published

2020-05-06 16:41

Modified

2024-11-15 17:24

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400

Summary

A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states.

References

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR

vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Firepower Threat Defense Software	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200506 Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:21:29.568873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:24:20.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-06T16:41:44.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200506 Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-dos-N2vQZASR",
        "defect": [
          [
            "CSCvo80853"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-05-06T16:00:00-0700",
          "ID": "CVE-2020-3255",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Threat Defense Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200506 Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ftd-dos-N2vQZASR",
          "defect": [
            [
              "CSCvo80853"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3255",
    "datePublished": "2020-05-06T16:41:44.426Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-15T17:24:20.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR\", \"name\": \"20200506 Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:30:58.159Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3255\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:21:29.568873Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:22:15.170Z\"}}], \"cna\": {\"title\": \"Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability\", \"source\": {\"defect\": [[\"CSCvo80853\"]], \"advisory\": \"cisco-sa-ftd-dos-N2vQZASR\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Firepower Threat Defense Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2020-05-06T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR\", \"name\": \"20200506 Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-05-06T16:41:44.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.5\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvo80853\"]], \"advisory\": \"cisco-sa-ftd-dos-N2vQZASR\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Firepower Threat Defense Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR\", \"name\": \"20200506 Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-400\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3255\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-05-06T16:00:00-0700\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-3255\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:24:20.616Z\", \"dateReserved\": \"2019-12-12T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-05-06T16:41:44.426Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-274

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco Adaptive Security Appliance et Firepower Threat Defense. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Note de l'éditeur :

les correctifs pour Cisco ASA ne sont pas disponibles pour les versions antérieures à 9.8, l'éditeur recommande de migrer vers une version plus récente ;
les correctifs pour Cisco FTD ne sont pas disponibles pour les versions antérieures à 6.2.3, l'éditeur recommande de migrer vers une version plus récente.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Firepower Threat Defense	Firepower Threat Defense (FTD) sur la plate-forme Firepower 1000 versions antérieures à 6.4.0.9, 6.5.0.5 et 6.6.0
Cisco	Firepower Threat Defense	Firepower Threat Defense (FTD) versions antérieures à 6.2.3.16, 6.3.0.6, 6.4.0.9, 6.5.0.5 et 6.6.0
Cisco	Adaptive Security Appliance	Adaptive Security Appliance (ASA) versions antérieures à 9.8.4.20, 9.9.2.67, 9.10.1.39, 9.12.3.9 et 9.13.1.10

References

Title

Publication Time

Tags

Bulletin de sécurité cisco-sa-asa-ssl-vpn-dos-qY7BHpjN du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ftd-dos-N2vQZASR du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ftd-tls-dos-4v5nmWtZ du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asaftd-path-JE3azWw43 du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asa-ftd-ospf-dos-RhMQY8qx du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ftd-dos-2-sS2h7aWe du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ftd-dos-Rdpe34sd8 du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asaftd-mgcp-SUqB8VKH du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-asa-kerberos-bypass-96Gghe2sS du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asaftd-ipv6-67pA658k du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asaftd-info-disclose-9eJtycMB du 06 mai 2020	None	vendor-advisory
Bulletin de sécurité cisco-sa-asaftd-info-disclose-9eJtycMB du 06 mai 2020	-	other
Bulletin de sécurité cisco-sa-asaftd-ipv6-67pA658k du 06 mai 2020	-	other
Bulletin de sécurité Cisco cisco-sa-ftd-tls-dos-4v5nmWtZ du 06 mai 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firepower Threat Defense (FTD) sur la plate-forme Firepower 1000 versions ant\u00e9rieures \u00e0 6.4.0.9, 6.5.0.5 et 6.6.0",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower Threat Defense (FTD) versions ant\u00e9rieures \u00e0 6.2.3.16, 6.3.0.6, 6.4.0.9, 6.5.0.5 et 6.6.0",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Adaptive Security Appliance (ASA) versions ant\u00e9rieures \u00e0 9.8.4.20, 9.9.2.67, 9.10.1.39, 9.12.3.9 et 9.13.1.10",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nNote de l\u0027\u00e9diteur :\n\n-   les correctifs pour Cisco ASA ne sont pas disponibles pour les\n    versions ant\u00e9rieures \u00e0 9.8, l\u0027\u00e9diteur recommande de migrer vers une\n    version plus r\u00e9cente ;\n-   les correctifs pour Cisco FTD ne sont pas disponibles pour les\n    versions ant\u00e9rieures \u00e0 6.2.3, l\u0027\u00e9diteur recommande de migrer vers\n    une version plus r\u00e9cente.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3255"
    },
    {
      "name": "CVE-2020-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3195"
    },
    {
      "name": "CVE-2020-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3191"
    },
    {
      "name": "CVE-2020-3259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3259"
    },
    {
      "name": "CVE-2020-3187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3187"
    },
    {
      "name": "CVE-2020-3179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3179"
    },
    {
      "name": "CVE-2020-3283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3283"
    },
    {
      "name": "CVE-2020-3254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3254"
    },
    {
      "name": "CVE-2020-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3196"
    },
    {
      "name": "CVE-2020-3189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3189"
    },
    {
      "name": "CVE-2020-3298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3298"
    },
    {
      "name": "CVE-2020-3125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3125"
    }
  ],
  "initial_release_date": "2020-05-07T00:00:00",
  "last_revision_date": "2020-05-07T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asaftd-info-disclose-9eJtycMB du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asaftd-ipv6-67pA658k du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-tls-dos-4v5nmWtZ du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ"
    }
  ],
  "reference": "CERTFR-2020-AVI-274",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\nAdaptive Security Appliance et Firepower Threat Defense. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asa-ssl-vpn-dos-qY7BHpjN du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-dos-N2vQZASR du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-tls-dos-4v5nmWtZ du 06 mai 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asaftd-path-JE3azWw43 du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asa-ftd-ospf-dos-RhMQY8qx du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-dos-2-sS2h7aWe du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-dos-Rdpe34sd8 du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asaftd-mgcp-SUqB8VKH du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-asa-kerberos-bypass-96Gghe2sS du 06 mai 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asaftd-ipv6-67pA658k du 06 mai 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-asaftd-info-disclose-9eJtycMB du 06 mai 2020",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-3255 (GCVE-0-2020-3255)

Vulnerability from cvelistv5

CERTFR-2020-AVI-274

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature