Security News > 2020 > October > Cisco Warns of Severe DoS Flaws in Network Security Software

Cisco Warns of Severe DoS Flaws in Network Security Software
2020-10-21 18:57

"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," according to Cisco in an update released on Wednesday.

The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager, which exists in the Firepower Extensible Operating System and provides management capabilities.

Cisco also patched multiple DoS flaws in its Adaptive Security Appliance software, including ones tied to CVE-2020-3304, CVE-2020-3529, CVE-2020-3528, CVE-2020-3554, CVE-2020-3572and CVE-2020-3373 that could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.

Another flaw of note, in the web services interface of Cisco Adaptive Security Appliance and Firepower Threat Defense, could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The flaw stems from the software not efficiently handling the writing of large files to specific folders on the local file system.

The new security alerts come a day after Cisco sent out an advisory warning that a flaw the Cisco Discovery Protocol implementation for Cisco IOS XR Software was being actively exploited by attackers.


News URL

https://threatpost.com/cisco-dos-flaws-network-security-software/160414/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-3304 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2020-10-21 CVE-2020-3373 Memory Leak vulnerability in Cisco products
A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.
network
low complexity
cisco CWE-401
8.6
2020-10-21 CVE-2020-3528 Resource Exhaustion vulnerability in Cisco Firepower Threat Defense
A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3529 Resource Exhaustion vulnerability in Cisco products
A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3554 Resource Exhaustion vulnerability in Cisco products
A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3572 Memory Leak vulnerability in Cisco Firepower Threat Defense
A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-401
8.6

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751