Strix
26.1K

CVE-2020-3195

HIGHCVSS 7.5/10EPSS 1.87%

Last modified

CVE-2020-3195 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. EPSS estimates a 1.87% chance of exploitation in the next 30 days.

Description

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.87%

76.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoFirepower Threat Defense>= 6.4.0, < 6.4.0.9
CiscoFirepower Threat Defense>= 6.5.0, < 6.5.0.5
CiscoAsa 5505 Firmware9.12\(2\)
CiscoAsa 5510 Firmware9.12\(2\)
CiscoAsa 5512-X Firmware9.12\(2\)
CiscoAsa 5515-X Firmware9.12\(2\)
CiscoAsa 5520 Firmware9.12\(2\)
CiscoAsa 5525-X Firmware9.12\(2\)
CiscoAsa 5540 Firmware9.12\(2\)
CiscoAsa 5545-X Firmware9.12\(2\)
CiscoAsa 5550 Firmware9.12\(2\)
CiscoAsa 5555-X Firmware9.12\(2\)
CiscoAsa 5580 Firmware9.12\(2\)
CiscoAsa 5585-X Firmware9.12\(2\)
CiscoAdaptive Security Appliance Software>= 9.12, < 9.12.3.2
CiscoAdaptive Security Appliance Software>= 9.13, < 9.13.1.7

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-3195?
A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.
How severe is CVE-2020-3195?
CVE-2020-3195 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.87% probability of exploitation in the next 30 days.
How do I fix CVE-2020-3195?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3195?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST