Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2020-12068 – Security update for CODEYS V3 Visualization
May 8, 2020
Rewterz
Rewterz Threat Advisory – ICS: Advantech WebAccess Node
May 8, 2020

Rewterz Threat Advisory – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Security Updates

Severity

High

Analysis Summary

CVE-2020-3298

The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.

CVE-2020-3195

The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.

CVE-2020-3259

The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

CVE-2020-3191

The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only.

CVE-2020-3196

The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic.

Impact

  • Denial of Service
  • Exposure of sensitive data 

Affected Vendors

Cisco

Affected Products

  • Cisco ASA
  • Cisco FTD

Remediation

Refer to vendor’s advisory for the list of affected products and upgraded patches.

https://tools.cisco.com/security/center/publicationListing.x