First published: Wed Oct 21 2020
A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation for certain fields of specific SSL/TLS messages. An attacker could exploit this vulnerability by sending a malformed SSL/TLS message through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. No manual intervention is needed to recover the device after it has reloaded.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Threat Defense | =6.3.0 | |
| Cisco Firepower Threat Defense | =6.4.0 | |
| Cisco Firepower Threat Defense | =6.5.0 | |
| Cisco Firepower 2110 | | |
| Cisco Firepower 2120 | | |
| Cisco Firepower 2130 | | |
| Cisco Firepower 2140 | | |
The vulnerability ID is CVE-2020-3562.
The severity of CVE-2020-3562 is high with a CVSS score of 8.6.
Cisco Firepower Threat Defense (FTD) Software versions 6.3.0, 6.4.0, and 6.5.0 are affected by CVE-2020-3562.
An attacker can exploit CVE-2020-3562 by sending specially crafted SSL/TLS packets to the affected device's SSL/TLS inspection feature.
Cisco has released software updates that address the vulnerability. Refer to the Cisco Security Advisory for more information.