#VU27686 Buffer overflow in Cisco Firewall Threat Defense (FTD) - CVE-2020-3283

 

Published: May 11, 2020


Vulnerability identifier: #VU27686
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-3283
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco Firewall Threat Defense (FTD)
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a communication error between internal functions in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler. A remote attacker can send a specially crafted SSL/TLS message, trigger memory corruption and cause a denial of service condition on the target system.

Note: This vulnerability affects Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform.


Remediation

The vendor recommends updating the Cisco FTD Software to version 6.4.0.9 (May 2020), 6.5.0.5 (future release).
