
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN254
_____________________________________________________________________

DATE                : 07/05/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco ASA Software versions prior to 9.8.4.20,
                      9.9.2.67, 9.10.1.39, 9.12.3.9, 9.13.1.10,
                      Cisco FTD Software versions prior to 6.6.0,
                      6.5.0.5 (future release), 6.4.0.9 (May 2020),
                      6.3.0.6 (future release), 6.2.3.16 (June 2020).

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS
	
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2020-May-06.

The following PSIRT security advisories (12 High) were published at
16:00 UTC today.

Table of Contents:

1) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Information Disclosure Vulnerability -
SIR: High

2) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software OSPF Packets Processing Memory Leak Vulnerability -
SIR: High

3) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SSL/TLS Denial of Service Vulnerability - SIR: High

4) Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability -
SIR: High

5) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Malformed OSPF Packets Processing Denial of Service
Vulnerability - SIR: High

6) Cisco Firepower Threat Defense Software Generic Routing Encapsulation
Tunnel IPv6 Denial of Service Vulnerability - SIR: High

7) Cisco Firepower Threat Defense Software Packet Flood Denial of
Service Vulnerability - SIR: High

8) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Media Gateway Control Protocol Denial of Service
Vulnerabilities - SIR: High

9) Cisco Firepower Threat Defense Software VPN System Logging Denial of
Service Vulnerability - SIR: High

10) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software IPv6 DNS Denial of Service Vulnerability - SIR: High

11) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Path Traversal Vulnerability - SIR: High

12) Cisco Adaptive Security Appliance Software Kerberos Authentication
Bypass Vulnerability - SIR: High

+--------------------------------------------------------------------

1) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Information Disclosure Vulnerability

CVE-2020-3259

SIR: High

CVSS Score v(3.0): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB

+--------------------------------------------------------------------

2) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software OSPF Packets Processing Memory Leak Vulnerability

CVE-2020-3195

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv

+--------------------------------------------------------------------

3) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SSL/TLS Denial of Service Vulnerability

CVE-2020-3196

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN

+--------------------------------------------------------------------

4) Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability

CVE-2020-3283

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ

+--------------------------------------------------------------------

5) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Malformed OSPF Packets Processing Denial of Service
Vulnerability

CVE-2020-3298

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx

+--------------------------------------------------------------------

6) Cisco Firepower Threat Defense Software Generic Routing Encapsulation
Tunnel IPv6 Denial of Service Vulnerability

CVE-2020-3179

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe

+--------------------------------------------------------------------

7) Cisco Firepower Threat Defense Software Packet Flood Denial of
Service Vulnerability

CVE-2020-3255

SIR: High

CVSS Score v(3.0): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR

+--------------------------------------------------------------------

8) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Media Gateway Control Protocol Denial of Service
Vulnerabilities

CVE-2020-3254

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgcp-SUqB8VKH

+--------------------------------------------------------------------

9) Cisco Firepower Threat Defense Software VPN System Logging Denial of
Service Vulnerability

CVE-2020-3189

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8

+--------------------------------------------------------------------

10) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software IPv6 DNS Denial of Service Vulnerability

CVE-2020-3191

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k

+--------------------------------------------------------------------

11) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Path Traversal Vulnerability

CVE-2020-3187

SIR: High

CVSS Score v(3.0): 9.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43

+--------------------------------------------------------------------

12) Cisco Adaptive Security Appliance Software Kerberos Authentication
Bypass Vulnerability

CVE-2020-3125

SIR: High

CVSS Score v(3.0): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================









