Cisco ASA Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service
CVE-2020-27124
8.6HIGH
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 18 November 2024
Summary
A flaw exists in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software that enables an unauthenticated remote attacker to disrupt normal operations by causing the affected device to unexpectedly reload. This situation arises from improper error handling during established SSL/TLS connections. An attacker can exploit this by initiating an SSL/TLS connection and transmitting a specially crafted malicious message, resulting in a potential denial of service (DoS) condition. Cisco has issued software updates to mitigate this risk; however, no workarounds are available.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved