Security News > 2020 > October > Cisco Warns of Severe DoS Flaws in Network Security Software
"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," according to Cisco in an update released on Wednesday.
The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager, which exists in the Firepower Extensible Operating System and provides management capabilities.
Cisco also patched multiple DoS flaws in its Adaptive Security Appliance software, including ones tied to CVE-2020-3304, CVE-2020-3529, CVE-2020-3528, CVE-2020-3554, CVE-2020-3572and CVE-2020-3373 that could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.
Another flaw of note, in the web services interface of Cisco Adaptive Security Appliance and Firepower Threat Defense, could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The flaw stems from the software not efficiently handling the writing of large files to specific folders on the local file system.
The new security alerts come a day after Cisco sent out an advisory warning that a flaw the Cisco Discovery Protocol implementation for Cisco IOS XR Software was being actively exploited by attackers.
News URL
https://threatpost.com/cisco-dos-flaws-network-security-software/160414/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-3304 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 8.6 |
| 2020-10-21 | CVE-2020-3373 | Memory Leak vulnerability in Cisco products A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. | 8.6 |
| 2020-10-21 | CVE-2020-3528 | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.5 |
| 2020-10-21 | CVE-2020-3529 | Resource Exhaustion vulnerability in Cisco products A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.5 |
| 2020-10-21 | CVE-2020-3554 | Resource Exhaustion vulnerability in Cisco products A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2020-10-21 | CVE-2020-3572 | Memory Leak vulnerability in Cisco Firepower Threat Defense A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |