CVE-2020-3189: Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability
First published: Wed May 06 2020(Updated: )
A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Threat Defense | =6.2.3.12 | |
| Cisco Firepower Threat Defense | =6.2.3.13 | |
| Cisco Firepower Threat Defense | =6.2.3.14 | |
| Cisco Firepower Threat Defense | =6.2.3.15 | |
| Cisco Asa 5505 Firmware | =9.9\(2\) | |
| Cisco Asa 5505 Firmware | =9.9\(2.21\) | |
| Cisco Asa 5505 Firmware | =9.9\(2.52\) | |
| Cisco Asa 5505 Firmware | =9.9\(2.55\) | |
| Cisco Asa 5505 | ||
| Cisco Asa 5510 Firmware | =9.9\(2\) | |
| Cisco Asa 5510 Firmware | =9.9\(2.21\) | |
| Cisco Asa 5510 Firmware | =9.9\(2.52\) | |
| Cisco Asa 5510 Firmware | =9.9\(2.55\) | |
| Cisco Asa 5510 | ||
| Cisco Asa 5512-x Firmware | =9.9\(2\) | |
| Cisco Asa 5512-x Firmware | =9.9\(2.21\) | |
| Cisco Asa 5512-x Firmware | =9.9\(2.52\) | |
| Cisco Asa 5512-x Firmware | =9.9\(2.55\) | |
| Cisco Asa 5512-x | ||
| Cisco Asa 5515-x Firmware | =9.9\(2\) | |
| Cisco Asa 5515-x Firmware | =9.9\(2.21\) | |
| Cisco Asa 5515-x Firmware | =9.9\(2.52\) | |
| Cisco Asa 5515-x Firmware | =9.9\(2.55\) | |
| Cisco Asa 5515-x | ||
| Cisco Asa 5520 Firmware | =9.9\(2\) | |
| Cisco Asa 5520 Firmware | =9.9\(2.21\) | |
| Cisco Asa 5520 Firmware | =9.9\(2.52\) | |
| Cisco Asa 5520 Firmware | =9.9\(2.55\) | |
| Cisco Asa 5520 | ||
| Cisco Asa 5525-x Firmware | =9.9\(2\) | |
| Cisco Asa 5525-x Firmware | =9.9\(2.21\) | |
| Cisco Asa 5525-x Firmware | =9.9\(2.52\) | |
| Cisco Asa 5525-x Firmware | =9.9\(2.55\) | |
| Cisco Asa 5525-x | ||
| Cisco Asa 5540 Firmware | =9.9\(2\) | |
| Cisco Asa 5540 Firmware | =9.9\(2.21\) | |
| Cisco Asa 5540 Firmware | =9.9\(2.52\) | |
| Cisco Asa 5540 Firmware | =9.9\(2.55\) | |
| Cisco Asa 5540 | ||
| Cisco Asa 5545-x Firmware | =9.9\(2\) | |
| Cisco Asa 5545-x Firmware | =9.9\(2.21\) | |
| Cisco Asa 5545-x Firmware | =9.9\(2.52\) | |
| Cisco Asa 5545-x Firmware | =9.9\(2.55\) | |
| Cisco Asa 5545-x | ||
| Cisco Asa 5550 Firmware | =9.9\(2\) | |
| Cisco Asa 5550 Firmware | =9.9\(2.21\) | |
| Cisco Asa 5550 Firmware | =9.9\(2.52\) | |
| Cisco Asa 5550 Firmware | =9.9\(2.55\) | |
| Cisco Asa 5550 | ||
| Cisco Asa 5555-x Firmware | =9.9\(2\) | |
| Cisco Asa 5555-x Firmware | =9.9\(2.21\) | |
| Cisco Asa 5555-x Firmware | =9.9\(2.52\) | |
| Cisco Asa 5555-x Firmware | =9.9\(2.55\) | |
| Cisco Asa 5555-x | ||
| Cisco Asa 5580 Firmware | =9.9\(2\) | |
| Cisco Asa 5580 Firmware | =9.9\(2.21\) | |
| Cisco Asa 5580 Firmware | =9.9\(2.52\) | |
| Cisco Asa 5580 Firmware | =9.9\(2.55\) | |
| Cisco Asa 5580 | ||
| Cisco Asa 5585-x Firmware | =9.9\(2\) | |
| Cisco Asa 5585-x Firmware | =9.9\(2.21\) | |
| Cisco Asa 5585-x Firmware | =9.9\(2.52\) | |
| Cisco Asa 5585-x Firmware | =9.9\(2.55\) | |
| Cisco Asa 5585-x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3189 vulnerability about?
The vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak leading to system crashes.
How severe is CVE-2020-3189 vulnerability?
The severity of CVE-2020-3189 vulnerability is high with a CVSS score of 8.6.
Which software versions are affected by CVE-2020-3189?
Cisco Firepower Threat Defense versions 6.2.3.12, 6.2.3.13, 6.2.3.14, and 6.2.3.15 are affected by CVE-2020-3189 vulnerability.
Is the Cisco ASA 5505 Firmware affected by CVE-2020-3189?
Yes, Cisco ASA 5505 Firmware versions 9.9(2), 9.9(2.21), 9.9(2.52), and 9.9(2.55) are affected by the CVE-2020-3189 vulnerability.
Where can I find more information about CVE-2020-3189 vulnerability?
You can find more information about CVE-2020-3189 vulnerability on the Cisco Security Advisory page.
- collector/nvd-index
- agent/weakness
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.2.3.12
- version/cisco firepower threat defense/6.2.3.13
- version/cisco firepower threat defense/6.2.3.14
- version/cisco firepower threat defense/6.2.3.15
- canonical/cisco asa 5505 firmware
- version/cisco asa 5505 firmware/9.9\(2\)
- version/cisco asa 5505 firmware/9.9\(2.21\)
- version/cisco asa 5505 firmware/9.9\(2.52\)
- version/cisco asa 5505 firmware/9.9\(2.55\)
- canonical/cisco asa 5505
- canonical/cisco asa 5510 firmware
- version/cisco asa 5510 firmware/9.9\(2\)
- version/cisco asa 5510 firmware/9.9\(2.21\)
- version/cisco asa 5510 firmware/9.9\(2.52\)
- version/cisco asa 5510 firmware/9.9\(2.55\)
- canonical/cisco asa 5510
- canonical/cisco asa 5512-x firmware
- version/cisco asa 5512-x firmware/9.9\(2\)
- version/cisco asa 5512-x firmware/9.9\(2.21\)
- version/cisco asa 5512-x firmware/9.9\(2.52\)
- version/cisco asa 5512-x firmware/9.9\(2.55\)
- canonical/cisco asa 5512-x
- canonical/cisco asa 5515-x firmware
- version/cisco asa 5515-x firmware/9.9\(2\)
- version/cisco asa 5515-x firmware/9.9\(2.21\)
- version/cisco asa 5515-x firmware/9.9\(2.52\)
- version/cisco asa 5515-x firmware/9.9\(2.55\)
- canonical/cisco asa 5515-x
- canonical/cisco asa 5520 firmware
- version/cisco asa 5520 firmware/9.9\(2\)
- version/cisco asa 5520 firmware/9.9\(2.21\)
- version/cisco asa 5520 firmware/9.9\(2.52\)
- version/cisco asa 5520 firmware/9.9\(2.55\)
- canonical/cisco asa 5520
- canonical/cisco asa 5525-x firmware
- version/cisco asa 5525-x firmware/9.9\(2\)
- version/cisco asa 5525-x firmware/9.9\(2.21\)
- version/cisco asa 5525-x firmware/9.9\(2.52\)
- version/cisco asa 5525-x firmware/9.9\(2.55\)
- canonical/cisco asa 5525-x
- canonical/cisco asa 5540 firmware
- version/cisco asa 5540 firmware/9.9\(2\)
- version/cisco asa 5540 firmware/9.9\(2.21\)
- version/cisco asa 5540 firmware/9.9\(2.52\)
- version/cisco asa 5540 firmware/9.9\(2.55\)
- canonical/cisco asa 5540
- canonical/cisco asa 5545-x firmware
- version/cisco asa 5545-x firmware/9.9\(2\)
- version/cisco asa 5545-x firmware/9.9\(2.21\)
- version/cisco asa 5545-x firmware/9.9\(2.52\)
- version/cisco asa 5545-x firmware/9.9\(2.55\)
- canonical/cisco asa 5545-x
- canonical/cisco asa 5550 firmware
- version/cisco asa 5550 firmware/9.9\(2\)
- version/cisco asa 5550 firmware/9.9\(2.21\)
- version/cisco asa 5550 firmware/9.9\(2.52\)
- version/cisco asa 5550 firmware/9.9\(2.55\)
- canonical/cisco asa 5550
- canonical/cisco asa 5555-x firmware
- version/cisco asa 5555-x firmware/9.9\(2\)
- version/cisco asa 5555-x firmware/9.9\(2.21\)
- version/cisco asa 5555-x firmware/9.9\(2.52\)
- version/cisco asa 5555-x firmware/9.9\(2.55\)
- canonical/cisco asa 5555-x
- canonical/cisco asa 5580 firmware
- version/cisco asa 5580 firmware/9.9\(2\)
- version/cisco asa 5580 firmware/9.9\(2.21\)
- version/cisco asa 5580 firmware/9.9\(2.52\)
- version/cisco asa 5580 firmware/9.9\(2.55\)
- canonical/cisco asa 5580
- canonical/cisco asa 5585-x firmware
- version/cisco asa 5585-x firmware/9.9\(2\)
- version/cisco asa 5585-x firmware/9.9\(2.21\)
- version/cisco asa 5585-x firmware/9.9\(2.52\)
- version/cisco asa 5585-x firmware/9.9\(2.55\)
- canonical/cisco asa 5585-x