SB2020050709 - Multiple vulnerabilities in Cisco Firepower Threat Defense Software and Cisco Adaptive Security Appliance (ASA) Software
Published: May 7, 2020 Updated: May 7, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2020-3312)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the application policy configuration. A remote attacker can send a specially crafted traffic to an affected device and gain unauthorized read access to sensitive data.
2) Double Free (CVE-ID: CVE-2020-3179)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory handling error when the generic routing encapsulation (GRE) over IPv6 traffic is processed. A remote attacker can send a specially crafted GRE over IPv6 packets with either IPv4 or IPv6 payload, trigger double free error and cause a denial of service condition on the target system.
3) Resource exhaustion (CVE-ID: CVE-2020-3305)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the implementation of the Border Gateway Protocol (BGP) module. A remote attacker can send a specially crafted BGP packet, trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2020-3303)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources with the application in the Internet Key Exchange version 1 (IKEv1) feature. A remote attacker can send malicious IKEv1 traffic to an affected device and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9