Cisco ASA Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service
CVE-2020-27124

8.6HIGH

Key Information:

Vendor
Cisco
Vendor
CVE Published:
18 November 2024

Summary

A flaw exists in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software that enables an unauthenticated remote attacker to disrupt normal operations by causing the affected device to unexpectedly reload. This situation arises from improper error handling during established SSL/TLS connections. An attacker can exploit this by initiating an SSL/TLS connection and transmitting a specially crafted malicious message, resulting in a potential denial of service (DoS) condition. Cisco has issued software updates to mitigate this risk; however, no workarounds are available.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.