CVE-2020-3283 - Out-of-bounds Write vulnerability in Cisco products

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, cisco, CWE-787, nessus

Summary

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.

Vulnerable Configurations

Part          Description   Count
Application   Cisco         9
Hardware      Cisco         16
OS            Cisco         24

Common Weakness Enumeration (CWE)

Nessus

NASL family: CISCO
NASL id: CISCO-SA-FTD-TLS-DOS-4V5NMWTZ.NASL
description: According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability in its SSL/TLS handler component due to a communication error between internal functions. An unauthenticated, remote attacker can exploit this issue, by sending a crafted SSL/TLS message to an affected host, to cause the application to stop responding. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
last seen: 2020-06-05
modified: 2020-05-26
plugin id: 136891
published: 2020-05-26
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136891
title: Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability (cisco-sa-ftd-tls-dos-4v5nmWtZ)
code:
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136891);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2020-3283");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvq89361");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ftd-tls-dos-4v5nmWtZ");
  script_xref(name:"IAVA", value:"2020-A-0205");

  script_name(english:"Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability (cisco-sa-ftd-tls-dos-4v5nmWtZ)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service 
  (DoS) vulnerability in its SSL/TLS handler component due to a communication error between internal functions. An 
  unauthenticated, remote attacker can exploit this issue, by sending a crafted SSL/TLS message to an affected host, 
  to cause the application to stop responding.

  Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b40117e");
  script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73830");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq89361");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvq89361");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3283");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(119);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/26");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:firepower_threat_defense");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl", "cisco_asa_firepower_version.nasl", "cisco_enumerate_firepower.nbin");
  script_require_keys("installed_sw/Cisco Firepower Threat Defense", "Settings/ParanoidReport");

  exit(0);
}

include('ccf.inc');
include('cisco_workarounds.inc');

product_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');
product_info['model'] = product_info['Model'];

# Hotfix detection not yet in place.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

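# Only models whose name starts with 10xx (Firepower 1000 Series) are in scope.
if (isnull(product_info['model']) || product_info['model'] !~ "^10[0-9]{2}")
  audit(AUDIT_HOST_NOT, 'an affected model');

# Affected releases: 6.4.0 up to the fixed release 6.4.0.9.
vuln_ranges = [{'min_ver' : '6.4.0',  'fix_ver': '6.4.0.9'}];
workarounds = make_list(CISCO_WORKAROUNDS['asa_ssl_tls']);
workaround_params = make_list();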

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvq89361'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);