CVE-2020-3188: A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticate...

Description

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability

1.68%

73.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Firepower Threat Defense	>= 6.4.0, < 6.4.0.9
Cisco	Firepower Threat Defense	>= 6.5.0, < 6.5.0.5
Cisco	Asa 5505 Firmware	9.8\(3\)
Cisco	Asa 5505 Firmware	101.6\(1.96\)
Cisco	Asa 5510 Firmware	9.8\(3\)
Cisco	Asa 5510 Firmware	101.6\(1.96\)
Cisco	Asa 5512-X Firmware	9.8\(3\)
Cisco	Asa 5512-X Firmware	101.6\(1.96\)
Cisco	Asa 5515-X Firmware	9.8\(3\)
Cisco	Asa 5515-X Firmware	101.6\(1.96\)
Cisco	Asa 5520 Firmware	9.8\(3\)
Cisco	Asa 5520 Firmware	101.6\(1.96\)
Cisco	Asa 5525-X Firmware	9.8\(3\)
Cisco	Asa 5525-X Firmware	101.6\(1.96\)
Cisco	Asa 5540 Firmware	9.8\(3\)
Cisco	Asa 5540 Firmware	101.6\(1.96\)
Cisco	Asa 5545-X Firmware	9.8\(3\)
Cisco	Asa 5545-X Firmware	101.6\(1.96\)
Cisco	Asa 5550 Firmware	9.8\(3\)
Cisco	Asa 5550 Firmware	101.6\(1.96\)
Cisco	Asa 5555-X Firmware	9.8\(3\)
Cisco	Asa 5555-X Firmware	101.6\(1.96\)
Cisco	Asa 5580 Firmware	9.8\(3\)
Cisco	Asa 5580 Firmware	101.6\(1.96\)
Cisco	Asa 5585-X Firmware	9.8\(3\)
Cisco	Asa 5585-X Firmware	101.6\(1.96\)

References

Timeline

Published: May 6, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-3188?

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.

How severe is CVE-2020-3188?

CVE-2020-3188 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 1.68% probability of exploitation in the next 30 days.

How do I fix CVE-2020-3188?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.