TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-3259

HIGHCISA KEV
7.5

Beschreibung

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

CVE Details

CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/6/2020
Zuletzt geandert10/28/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerCisco
ProduktAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
SchwachstellennameCisco ASA and FTD Information Disclosure Vulnerability
KEV Aufnahmedatum2024-02-15
Behebungsfrist2024-03-07
Ransomware-NutzungKnown

Betroffene Produkte

cisco:adaptive_security_appliance_softwarecisco:firepower_threat_defense

Schwachen (CWE)

CWE-200

Referenzen

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3259(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.