CVE-2020-3283

CVE-2020-3283 PUBLISHED CVSS 8.6 HIGH

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.

EPSS 1.31% · 80.2th percentile

Risk Scores

CVSS 3.0: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score: 1.31% (80.2th percentile)

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| cisco | asa_5515-x_firmware | 9.13(0.33), 9.12(2.12) |
| cisco | asa_5512-x_firmware | 9.12(2.12), 9.13(0.33) |
| cisco | asa_5555-x_firmware | *, 9.12(2.12) |
| cisco | asa_5585-x_firmware | 9.12(2.12), 9.13(0.33) |
| cisco | asa_5505_firmware | 9.12(2.12), 9.13(0.33) |
| Cisco | Cisco Firepower Threat Defense Software | * |
| cisco | asa_5545-x_firmware | 9.13(0.33), 9.12(2.12) |
| cisco | asa_5520_firmware | 9.12(2.12), 9.13(0.33) |
| cisco | asa_5540_firmware | 9.12(2.12), 9.13(0.33) |
| cisco | asa_5525-x_firmware | 9.12(2.12), 9.13(0.33) |
| cisco | asa_5580_firmware | 9.13(0.33), * |
| cisco | firepower_threat_defense | 6.4.0 |
| cisco | asa_5550_firmware | 9.13(0.33), 9.12(2.12) |
| cisco | asa_5510_firmware | 9.13(0.33), * |

Timeline

  • May 6, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Sep 18, 2021 EPSS Score
  • Oct 11, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score