Vulnerabilities > CVE-2020-3188 - Insufficient Session Expiration vulnerability in Cisco products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
cisco
CWE-613
nessus
NVD
Published: 2020-05-06
Updated: 2021-08-12

Summary

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.

Vulnerable Configurations

Part Description Count
Application
Cisco
13
OS
Cisco
24
Hardware
Cisco
12

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-FTD-MGMT-INTERFACE-DOS-FKG4MUTU.NASL
descriptionAccording to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability in the management interface due to how FTD handles session timeouts for management connections. An unauthenticated, remote attacker can exploit this issue, by sending a large and sustained number of crafted remote management connections to an affected device, to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding.
last seen2020-06-13
modified2020-05-27
plugin id136918
published2020-05-27
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136918
titleCisco Firepower Threat Defense Software Management Interface DoS (cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU)
code
#TRUSTED a42b8f56563e0463922f635bfa03a4833706a34d8df349432d157d48293365a92e1f4394bdfc5d686662046179ea7f333feb327e6a830616c11185cd207bd7474e6952e264b71baf8ba16faf16b87f2bb2c4a0275fe92ce6e39b7993157b0879e9d66f0c1283180591e77edebef49c618ade75876b9e6a205caeb915d89b05096e25ce99e23bcef29d8af13c47e200907757bd2f3ea27c06752ee418326c642bc910cefdd6fee2e1a20b98346d197e6c6065b2989a10edf063c71fa438a02fab074a80ff9f7233c1fb661319360970f18cc5a8a38486f66f56e9cd6990d07eddcd47b4d040f91d9e758aa918b4613ee1ffbe91e08c8ac32da7373cca1fceae4f270b33a1d19e7d215b36171b0be60fa1a11c88a078fce0582bb3783743f13ceed733ff338501b0e32a04825dba71cc90f26c41ca59d1a581f3ee862741b9457d9dee95705a29fd55d6d5701d2d0fff65a5fdca91763323ac300fdfd634328107a15adaba1c5b6cd730bfd0b6a62a25002c06aa3f6f8f6f97e8fa486929e8e7bee258438206d1d05b5fff7e588770c1111e6a37d7016c0d68699c058d1192e92ad81a13da961ff4a778ee1404d8df422b0cba7f285d2d771e216228ba35c62ed4e6908dcb978aebd4e8b0462df73155053479b127231df6e67ad4df2fb6f5f39f9090b59532d3a9a9dd63d01be80d85b50214960ac1870770c8183028e80af90d
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136918);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2020-3188");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvo31790");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU");
  script_xref(name:"IAVA", value:"2020-A-0205");

  script_name(english:"Cisco Firepower Threat Defense Software Management Interface DoS (cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service
(DoS) vulnerability in the management interface due to how FTD handles session timeouts for management connections. An
unauthenticated, remote attacker can exploit this issue, by sending a large and sustained number of crafted remote
management connections to an affected device, to cause the remote management interface or Cisco Firepower Device Manager
(FDM) to stop responding.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b75ff2a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo31790");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvo31790.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3188");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:firepower_threat_defense");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_enumerate_firepower.nbin");
  script_require_keys("installed_sw/Cisco Firepower Threat Defense", "Host/Cisco/Firepower");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');

vuln_ranges = [
  {'min_ver' : '0.0',   'fix_ver': '6.4.0.9'},
  {'min_ver' : '6.5.0', 'fix_ver': '6.5.0.5'}
];

# Indicates that we've successfully run "rpm -qa --last" in expert mode to get the list of applied hotfixes.
expert = get_kb_item("Host/Cisco/FTD_CLI/1/expert");

# This plugin needs a hotfix check. If we havent successfully run expert to gather these, we should require paranoia.
if (!expert)
{
  if (report_paranoia < 2)
    audit(AUDIT_PARANOID);

  extra = 'Note that Nessus was unable to check for hotfixes';
}
else
{
  # For 6.5.0, advisory specifies the hotfix name "and later", so ver_compare is TRUE
  hotfixes['6.5.0'] = {'hotfix' : 'Hotfix_H-6.5.0.5-2', 'ver_compare' : TRUE};
}


reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvo31790',
  'fix'      , 'See vendor advisory',
  'extra'    , extra
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  firepower_hotfixes:hotfixes
);

References