{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-27124", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2020-10-13T00:00:00.000Z", "datePublished": "2024-11-18T16:03:00.333Z", "dateUpdated": "2024-11-18T16:25:39.424Z"}, "containers": {"cna": {"title": "Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:X/RC:X/E:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.\r\nThe vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy", "name": "cisco-sa-asa-ssl-dos-7uZWwSEy"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq"}], "exploits": [{"lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-asa-ssl-dos-7uZWwSEy", "discovery": "EXTERNAL", "defects": ["CSCvt64822"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Uninitialized Variable", "type": "cwe", "cweId": "CWE-457"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software", "versions": [{"version": "N/A", "status": "affected"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-11-18T16:03:00.333Z"}}, "adp": [{"affected": [{"vendor": "cisco", "product": "adaptive_security_appliance", "cpes": ["cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.13.1.12", "status": "affected", "lessThan": "9.13.1.16", "versionType": "custom"}, {"version": "9.14.1.10", "status": "affected", "lessThan": "9.14.1.15", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-18T16:23:01.950420Z", "id": "CVE-2020-27124", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T16:25:39.424Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-27124", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-18T16:23:01.950420Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "adaptive_security_appliance", "versions": [{"status": "affected", "version": "9.13.1.12", "lessThan": "9.13.1.16", "versionType": "custom"}, {"status": "affected", "version": "9.14.1.10", "lessThan": "9.14.1.15", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T16:25:28.572Z"}}], "cna": {"title": "Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability", "source": {"defects": ["CSCvt64822"], "advisory": "cisco-sa-asa-ssl-dos-7uZWwSEy", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:X/RC:X/E:X", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software", "versions": [{"status": "affected", "version": "N/A"}]}], "exploits": [{"lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy", "name": "cisco-sa-asa-ssl-dos-7uZWwSEy"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.\r\nThe vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-457", "description": "Use of Uninitialized Variable"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-11-18T16:03:00.333Z"}}}, "cveMetadata": {"cveId": "CVE-2020-27124", "state": "PUBLISHED", "dateUpdated": "2024-11-18T16:25:39.424Z", "dateReserved": "2020-10-13T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-11-18T16:03:00.333Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "40145CFB-CEE8-4ABA-A9C2-BA262B7A9AEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "23C82327-5362-4876-8058-EB51030CD5DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.\r\nThe vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en el controlador SSL/TLS del software Cisco Adaptive Security Appliance (ASA) podr\u00eda permitir que un atacante remoto no autenticado haga que el dispositivo afectado se recargue inesperadamente, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a un manejo inadecuado de errores en conexiones SSL/TLS establecidas. Un atacante podr\u00eda aprovechar esta vulnerabilidad estableciendo una conexi\u00f3n SSL/TLS con el dispositivo afectado y luego enviando un mensaje SSL/TLS malicioso dentro de esa conexi\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "id": "CVE-2020-27124", "lastModified": "2025-08-01T18:43:30.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@cisco.com", "type": "Secondary"}]}, "published": "2024-11-18T16:15:06.397", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy"}, {"source": "psirt@cisco.com", "tags": ["Not Applicable"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq"}, {"source": "psirt@cisco.com", "tags": ["Not Applicable"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "psirt@cisco.com", "type": "Secondary"}]}

{}

{}