A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.
Metrics
Affected Vendors & Products
References
History
Fri, 15 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-05-06T16:41:25.710083Z
Updated: 2024-11-15T17:25:01.365Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3196
Vulnrichment
Updated: 2024-08-04T07:24:00.777Z
NVD
Status : Modified
Published: 2020-05-06T17:15:12.417
Modified: 2024-11-21T05:30:31.633
Link: CVE-2020-3196
Redhat
No data.