CVE-2020-3373 : Security Advisory and Response
Learn about CVE-2020-3373, a high-severity vulnerability in Cisco ASA & FTD Software allowing remote attackers to cause a memory leak, leading to a denial of service condition. Find mitigation steps and patching details here.
A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device, leading to a denial of service (DoS) condition.
Understanding CVE-2020-3373
This CVE involves a memory leak vulnerability in Cisco ASA and FTD Software due to improper error handling during IP fragment reassembly.
What is CVE-2020-3373?
The vulnerability allows attackers to send crafted IP traffic to consume memory on the device, potentially impacting traffic flow and requiring a manual reboot to recover.
The Impact of CVE-2020-3373
- Attack Complexity: Low
- Attack Vector: Network
- Availability Impact: High
- Base Score: 8.6 (High Severity)
- Scope: Changed
- No user interaction or privileges required
- Could lead to a denial of service condition
Technical Details of CVE-2020-3373
This section provides more in-depth technical information about the vulnerability.
Vulnerability Description
The vulnerability arises from errors in handling specific failures during IP fragment reassembly, allowing attackers to trigger a memory leak.
Affected Systems and Versions
- Product: Cisco Adaptive Security Appliance (ASA) Software
- Vendor: Cisco
- Affected Version: Not Applicable (n/a)
Exploitation Mechanism
Attackers can exploit the vulnerability by sending specially crafted fragmented IP traffic to the targeted device, causing memory consumption and potential DoS.
Mitigation and Prevention
Protecting systems from CVE-2020-3373 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Apply vendor patches and updates promptly
- Monitor network traffic for any signs of exploitation
- Implement firewall rules to restrict IP fragment traffic
Long-Term Security Practices
- Regularly update and patch all software and firmware
- Conduct security assessments and penetration testing
- Educate users on identifying and reporting suspicious activities
Patching and Updates
- Cisco has released patches to address this vulnerability
- Regularly check for security advisories and apply updates as soon as they are available