Description
A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.
The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Published: 2024-11-18
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2020-19648 A vulnerability in the SSL/TLS handler of Cisco&nbsp;Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
History

Fri, 01 Aug 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco adaptive Security Appliance Software
CPEs cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*
Vendors & Products Cisco adaptive Security Appliance Software

Mon, 18 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco adaptive Security Appliance
CPEs cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco adaptive Security Appliance
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 18 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the SSL/TLS handler of Cisco&nbsp;Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Title Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability
Weaknesses CWE-457
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:X/RC:X/E:X'}


Subscriptions

Cisco Adaptive Security Appliance Adaptive Security Appliance Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-18T16:25:39.424Z

Reserved: 2020-10-13T00:00:00.000Z

Link: CVE-2020-27124

cve-icon Vulnrichment

Updated: 2024-11-18T16:25:28.572Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-18T16:15:06.397

Modified: 2026-06-17T03:08:50.117

Link: CVE-2020-27124

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-457

    Use of Uninitialized Variable