Severity Rating: HIGH

Software Affected 
• Cisco FTD Software 6.2.3.12, 6.2.3.13, 6.2.3.14, and 6.2.3.15.

Overview 
A vulnerability has been reported in the VPN System Logging functionality of
Cisco Firepower Threat Defense (FTD) Software that could allow an
unauthenticated, remote attacker to cause a memory leak. The leak can deplete
system memory over time, which can cause unexpected system behaviors or
device crashes.

Description
A vulnerability exists in the VPN System Logging functionality of Cisco
Firepower Threat Defense (FTD) Software because system memory is not
properly freed for the VPN System Logging event generated when a VPN session
is created or deleted. An attacker could exploit this vulnerability by
repeatedly creating or deleting a VPN tunnel connection, which could leak a
small amount of system memory for each logging event.

Successful exploitation of this vulnerability could allow the attacker to
cause system memory depletion, which can lead to a system-wide denial of
service (DoS) condition.

Solution
Apply appropriate updates as mentioned in: 
- -sa-ftd-dos-Rdpe34sd8

Vendor Information
CISCO
- -sa-ftd-dos-Rdpe34sd8

References
CISCO
- -sa-ftd-dos-Rdpe34sd8

CVE Name
CVE-2020-3189

About Cert Advisory

We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.
