VDB
CVE-2020-3259
CVE-2020-3259
PUBLISHED
KEV
In der Webservice Schnittstelle der Cisco Adaptive Security Appliance (ASA) Software und Cisco Firepower Threat Defense (FTD) Software existiert eine Schwachstelle. Sie beruht auf einem Fehler bei der Verarbeitung von Daten beim Parsen ungültiger URL. Ein entfernter anonymer Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten nutzen und vertrauliche Informationen einsehen. Nur spezielle AnyConnect und WebVPN Konfigurationen sind von dieser Schwachstelle betroffen.
EPSS 69.73% · 98.7th percentile
Risk Scores
EPSS Score
69.73%
98.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Firepower Threat Defense (FTD) | |
| Cisco | Cisco ASA (Adaptive Security Appliance) |
Exploit Intelligence
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL exploited: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
- CIRCL seen: CVE-2020-3259 (circl-sighting)
…and 36 more exploits
Timeline
- May 6, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Oct 9, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Feb 15, 2024 CISA KEV Added
- Feb 16, 2024 PoC Published
- Apr 19, 2024 PoC Published
- Jun 15, 2024 EPSS Score
- Nov 11, 2024 PoC Published
- Dec 3, 2024 PoC Published
- Feb 23, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2024-0450.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0450 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN advisory
- https://www.exploitalert.com/view-details.html?id=36008 exploit