Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2020-3188 | First vendor Publication | 2020-05-06 |
Vendor | Cve | Last vendor Modification | 2021-08-12 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | |||
---|---|---|---|
Overall CVSS Score | 5.3 | ||
Base Score | 5.3 | Environmental Score | 5.3 |
impact SubScore | 1.4 | Temporal Score | 5.3 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | Low |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3188 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-613 | Insufficient Session Expiration |
CPE : Common Platform Enumeration
Sources (Detail)
Source | Url |
---|---|
CISCO | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... |
Alert History
Date | Informations |
---|---|
2023-11-10 02:05:42 |
|
2023-09-19 13:06:04 |
|
2022-11-22 01:50:50 |
|
2021-08-13 00:23:08 |
|
2021-05-04 13:51:34 |
|
2021-04-22 03:02:59 |
|
2020-10-29 01:28:55 |
|
2020-10-24 01:28:56 |
|
2020-05-24 01:31:31 |
|
2020-05-23 02:36:36 |
|