A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.
References
| Link | Resource |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Aug 2023, 16:17
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Cisco adaptive Security Appliance Software
|
|
| CPE | cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* |
Information
Published : 2020-10-21 19:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-3529
Mitre link : CVE-2020-3529
CVE.ORG link : CVE-2020-3529
JSON object : View
Products Affected
cisco
- adaptive_security_appliance
- adaptive_security_appliance_software
- firepower_threat_defense
CWE
CWE-400
Uncontrolled Resource Consumption