CVE-2020-27124

CVSS V2 None CVSS V3 None

Description

A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Overview

CVE ID
CVE-2020-27124

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-11-18T16:03:00.333Z

Last Modified Date
2024-11-18T16:25:39.424Z

Weakness Enumerations

CWE	URL
CWE-457	http://cwe.mitre.org/data/definitions/457.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2020-27124
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27124

History

Created	Old Value	New Value	Data Type	Notes
2024-11-19 12:06:12				Added to TrackCVE