Cisco ASA Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service
CVE-2020-27124

8.6HIGH

Key Information:

Vendor

Cisco
Status
Cisco Adaptive Security Appliance (asa) Software
Vendor
CVE Published:
18 November 2024

What is CVE-2020-27124?

A flaw exists in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software that enables an unauthenticated remote attacker to disrupt normal operations by causing the affected device to unexpectedly reload. This situation arises from improper error handling during established SSL/TLS connections. An attacker can exploit this by initiating an SSL/TLS connection and transmitting a specially crafted malicious message, resulting in a potential denial of service (DoS) condition. Cisco has issued software updates to mitigate this risk; however, no workarounds are available.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software

References

https://sec.cloudapps.cisco.com/security/center/content/C...
https://sec.cloudapps.cisco.com/security/center/content/C...
https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.