{"id": "CVE-2020-3191", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2020-05-06T17:15:12.290", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only."}, {"lang": "es", "value": "Una vulnerabilidad en el procesamiento de paquetes DNS sobre IPv6 para el Cisco Adaptive Security Appliance (ASA) Software y el Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto no autenticado causar que el dispositivo se sobrecargue inesperadamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de la longitud de un campo en un paquete DNS IPv6. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una consulta DNS sobre IPv6 dise\u00f1ada, que atraviesa el dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante causar que el dispositivo se sobrecargue, resultando en una condici\u00f3n DoS. Esta vulnerabilidad es espec\u00edfica solo de DNS sobre el tr\u00e1fico IPv6."}], "lastModified": "2023-08-16T16:17:07.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B2E5D3-ED34-4A7E-BD8F-8492B6737677", "versionEndExcluding": "6.2.3.16", "versionStartIncluding": "6.2.3"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2", "versionEndExcluding": "6.3.0.6", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EDD3A04-6832-4533-8CE6-6083720E8654", "versionEndExcluding": "6.4.0.6", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4151DD11-8D9E-4B30-9762-62A7C8900AF1"}, {"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D19BFA6-5642-423A-BC3E-CEBACD06F3F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "365F7DD4-29F7-4DBB-B86E-2E0CBFF31407"}, {"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11F9B11-9B16-492F-9142-AC0D920F1E19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "058F618F-81C5-473D-81E1-7F52ED122391"}, {"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87A60AD4-7E61-4538-B0BC-DE08810C4819"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723FCCD5-BBB7-4EFC-BC10-7DF675B35469"}, {"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4DDC3BE-ABCF-4E30-B5C8-2C6C8FD87FCB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CD21786-2506-4E5B-94D0-A4ADBEB8AA50"}, {"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B2F410E-05C8-48C0-81FD-3E4B30AC6AE8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C027842-9992-4E73-A5B4-EFC4B9AA8EF6"}, {"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12DF8456-3785-44EA-868F-659AED7A6052"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD48789B-881D-4223-9E22-1CEEB3F9D8C6"}, {"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41B1AA35-0D67-431A-8A08-D1A094BEA00C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5113A511-B85E-432B-B602-D8DBF8801113"}, {"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B307A668-401B-452F-83D3-DC4122571357"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A0E63B4-C2F4-43C9-8F0E-BCD484BCFAE0"}, {"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5EF6675-0D00-48D5-BD2E-FC3AA0A2C064"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B0A4AC7-B0D9-485F-8F55-B74264238E6E"}, {"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09A7B7E5-E0EA-48CE-9A18-2BA590C85B7C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF631E5F-998A-4AA7-89CF-954B58899DDA"}, {"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "919DBFD7-D5F9-41C8-B777-DC949D245CC4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:9.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85936D50-13C2-4D1D-9987-2BE8DA7E2DA5"}, {"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:96.4\\(0.42\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCAC6D10-D0F7-48C8-BC2F-A22F3CBF9B8A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "679D5374-F120-4540-B9D8-6A69D4E99CDD", "versionEndExcluding": "9.6.4.36", "versionStartIncluding": "9.6"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C74FF4EA-4CF7-4477-882F-8F0EABBE47A4", "versionEndExcluding": "9.8.4.12", "versionStartIncluding": "9.8"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE81D32-51D0-41F7-B06B-0750DCB1F589", "versionEndExcluding": "9.9.2.66", "versionStartIncluding": "9.9"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49FFDB02-2944-4B31-BBC0-30E60BA9F9D1", "versionEndExcluding": "9.10.1.37", "versionStartIncluding": "9.10"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C0F64F2-0DFE-4904-85D6-ECD3D37E7385", "versionEndExcluding": "9.12.2.9", "versionStartIncluding": "9.12"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}