CVE-2020-3564: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability
First published: Wed Oct 21 2020(Updated: )
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance | <9.6 | |
| Cisco Firepower Threat Defense | <6.3.0.6 | |
| Cisco Firepower Threat Defense | >=6.4.0<6.4.0.10 | |
| Cisco Firepower Threat Defense | >=6.5.0<6.5.0.5 | |
| Cisco Firepower Threat Defense | >=6.6.0<6.6.1 | |
| Cisco Adaptive Security Appliance Software | >=9.8.0<9.8.4.26 | |
| Cisco Adaptive Security Appliance Software | >=9.9.0<9.9.2.80 | |
| Cisco Adaptive Security Appliance Software | >=9.10.0<9.10.1.44 | |
| Cisco Adaptive Security Appliance Software | >=9.12.0<9.12.4.4 | |
| Cisco Adaptive Security Appliance Software | >=9.13.0<9.13.1.13 | |
| Cisco Adaptive Security Appliance Software | >=9.14.0<9.14.1.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software vulnerability?
The vulnerability ID for this Cisco ASA and FTD vulnerability is CVE-2020-3564.
What is the severity rating of CVE-2020-3564?
CVE-2020-3564 has a severity rating of medium.
How does this vulnerability in Cisco ASA and FTD affect the software?
This vulnerability in Cisco ASA and FTD allows an unauthenticated, remote attacker to bypass FTP inspection.
Which versions of Cisco ASA and FTD Software are affected by CVE-2020-3564?
CVE-2020-3564 affects Cisco ASA Software versions up to and excluding 9.6, and Cisco FTD Software versions up to and including 6.3.0.6, 6.4.0 to 6.4.0.10, 6.5.0 to 6.5.0.5, and 6.6.0 to 6.6.1.
How can I find more information about CVE-2020-3564?
You can find more information about CVE-2020-3564 in the Cisco Security Advisory at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ftpbypass-HY3UTxYu).
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco adaptive security appliance
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.4.0
- version/cisco firepower threat defense/6.5.0
- version/cisco firepower threat defense/6.6.0
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/9.8.0
- version/cisco adaptive security appliance software/9.9.0
- version/cisco adaptive security appliance software/9.10.0
- version/cisco adaptive security appliance software/9.12.0
- version/cisco adaptive security appliance software/9.13.0
- version/cisco adaptive security appliance software/9.14.0