{"containers": {"cna": {"affected": [{"product": "Cisco Adaptive Security Appliance (ASA) Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-21T18:36:47", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20201021 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw"}], "source": {"advisory": "cisco-sa-asaftd-webdos-fBzM5Ynw", "defect": [["CSCvs10748", "CSCvt70322"]], "discovery": "INTERNAL"}, "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-10-21T16:00:00", "ID": "CVE-2020-3304", "STATE": "PUBLIC", "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Adaptive Security Appliance (ASA) Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "20201021 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw"}]}, "source": {"advisory": "cisco-sa-asaftd-webdos-fBzM5Ynw", "defect": [["CSCvs10748", "CSCvt70322"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:57.908Z"}, "title": "CVE Program Container", "references": [{"name": "20201021 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3304", "datePublished": "2020-10-21T18:36:47.782306Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-09-17T02:36:33.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDD51404-99D0-45D6-8998-02861FF10108", "versionEndExcluding": "9.6.4.45", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB4FADF7-A3CD-44B4-85DF-75F28369B459", "versionEndExcluding": "6.3.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "53C69C8B-5A19-4613-8861-683CF21806B7", "versionEndExcluding": "6.4.0.10", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575", "versionEndExcluding": "6.5.0.5", "versionStartIncluding": "6.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "754010DE-2C33-4BA1-9567-90C46309B664", "versionEndExcluding": "6.6.1", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "B21DFF6A-F104-4636-9372-8F94AED29354", "versionEndExcluding": "9.8.4.22", "versionStartIncluding": "9.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "E16D2CA3-B494-4348-BF0C-03969D1423D0", "versionEndExcluding": "9.9.2.80", "versionStartIncluding": "9.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFF8B79C-41E6-4367-8A37-C1A41DA8345E", "versionEndExcluding": "9.10.1.44", "versionStartIncluding": "9.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "A295D790-92A2-43E1-805B-EB033E8DFA27", "versionEndExcluding": "9.12.3.12", "versionStartIncluding": "9.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "00E5D38D-07C2-4543-96B0-7FB9582A37FB", "versionEndExcluding": "9.13.1.12", "versionStartIncluding": "9.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FCB8C11-7C49-472E-A003-DCEC9071D00F", "versionEndExcluding": "9.14.1.10", "versionStartIncluding": "9.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Cisco Adaptive Security Appliance (ASA) Software y Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto no autenticado causar que un dispositivo afectado se recargue inesperadamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una falta de comprobaci\u00f3n apropiada de entrada de las peticiones HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada hacia un dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante causar una condici\u00f3n de DoS. Nota: Esta vulnerabilidad se aplica al tr\u00e1fico HTTP IP versi\u00f3n 4 (IPv4) e IP versi\u00f3n 6 (IPv6)"}], "id": "CVE-2020-3304", "lastModified": "2023-08-16T16:17:07.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-21T19:15:15.623", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}