A Vulnerability with Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Denial of Service

ITS ADVISORY NUMBER: 

2020-147 - UPDATED

DATE(S) ISSUED: 

Thursday, October 22, 2020

DATE UPDATED: 

Friday, October 23, 2020

SUBJECT: 

A Vulnerability with Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Denial of Service

OVERVIEW: 

A vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition. Cisco Adaptive Security Appliance is the core operating system that delivers enterprise-class firewall capabilities and Cisco Firepower Threat Defense is an integrative software image. Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition.

October 23 - UPDATED OVERVIEW:

Multiple vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition. Cisco Adaptive Security Appliance is the core operating system that delivers enterprise-class firewall capabilities and Cisco Firepower Threat Defense is an integrative software image. Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED: 

  • Cisco Adaptive Security Appliance prior to 9.12.4.2

  • Cisco Adaptive Security Appliance prior to 9.13.1.12

  • Cisco Adaptive Security Appliance prior to 9.14.1.9

  • Cisco Firepower Threat Defense Software prior to 6.4.0.9

  • Cisco Firepower Threat Defense Software prior to 6.6.0.1

RISK:

Government:

Large and medium government entities: High

Small government entities: High

Business:

Large and medium business entities: High

Small business entities: High

Home Users: Low

 

DESCRIPTION: 

A vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition due to a memory-exhaustion condition. Specifically, this issue occurs when processing certain TCP packets. An attacker can exploit this issue by sending a high rate of specially-crafted TCP traffic through an affected device. Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition.

October 23 - UPDATED DESCRIPTION:

Multiple vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition. Details of the vulnerabilities are as follows: 

  • A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. (CVE-2020-3304)

  • A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. (CVE-2020-3373)

  • A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. (CVE-2020-3529)

  • A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. (CVE-2020-3533)

  • A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3554)

  • A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3562)

  • A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3563)

  • A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3571)

  • A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3572) 

Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition. 

ACTIONS: 

  • After appropriate testing, immediately apply the patches or mitigations provided by Cisco to vulnerable systems. 

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES: 

Cisco:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3554

October 23 – UPDATED REFERENCES:
Cisco:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3572