SB2020102721 - Denial of service in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020102721

SB2020102721 - Denial of service in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software

Published: October 27, 2020

Security Bulletin ID SB2020102721
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Resource Shutdown or Release (CVE-ID: CVE-2020-3555)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. 

The vulnerability exists due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. A remote attacker can send a high rate of specially crafted SIP traffic through an affected device and cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References