PT-2020-2227 · Cisco · AnyConnect (+3)
Mikhail Klyuchnikov (+1)
Published: 2020-05-05 · Updated: 2025-09-28
CVE-2020-3259
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software versions prior to 6.2.3.16, 6.3.0.6, 6.4.0.9, and 6.5.0.5
Description
The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface, allowing them to retrieve memory contents, which could lead to the disclosure of confidential information. This issue affects only specific AnyConnect and WebVPN configurations. The Akira ransomware group is likely exploiting this vulnerability as an entry point to targeted networks.
Recommendations
For versions prior to 6.2.3.16, update to version 6.2.3.16 or later.
For versions prior to 6.3.0.6, update to version 6.3.0.6 or later.
For versions prior to 6.4.0.9, update to version 6.4.0.9 or later.
For versions prior to 6.5.0.5, update to version 6.5.0.5 or later.
As a temporary workaround, consider restricting access to the web services interface until a patch is available.
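The four fixed releases above are branch-specific, so a naive "is my version newer than 6.2.3.16" check gets it wrong (6.3.0.5 sorts above 6.2.3.16 but is still unpatched on the 6.3.0 line). The following helper is an added example, not code from the advisory or from Cisco; it assumes that "prior to" is evaluated within the same maintenance branch (first three version components), that releases older than every listed branch fall under the "update to 6.2.3.16 or later" guidance, and that branches newer than 6.5.0 are outside the advisory's affected range.

```python
# Added helper, not from the advisory: classifies a Cisco ASA/FTD version
# string against the fixed releases listed for CVE-2020-3259.
# Assumption: a version is "prior to" a fix only within its own maintenance
# branch (first three components), because each fix is branch-specific.

from typing import Tuple

# Fixed releases taken from the advisory, keyed by maintenance branch.
FIXED_RELEASES = {
    (6, 2, 3): (6, 2, 3, 16),
    (6, 3, 0): (6, 3, 0, 6),
    (6, 4, 0): (6, 4, 0, 9),
    (6, 5, 0): (6, 5, 0, 5),
}
LOWEST_FIX = min(FIXED_RELEASES.values())


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.4.0.9' into (6, 4, 0, 9); pad to four components so that
    '6.4.0' compares as (6, 4, 0, 0) instead of sorting below '6.4.0.0'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts + (0,) * (4 - len(parts))


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'not_listed' for CVE-2020-3259."""
    v = parse_version(version)
    branch = v[:3]
    if branch in FIXED_RELEASES:
        # Compare only against the fix on this branch, never across branches.
        return "vulnerable" if v < FIXED_RELEASES[branch] else "fixed"
    if v < LOWEST_FIX:
        # Older lines (e.g. 6.2.2.x) have no fixed release listed; the
        # advisory's guidance is to move to 6.2.3.16 or later.
        return "vulnerable"
    # Branches newer than 6.5.0 are not named in the advisory's affected
    # range; this is an assumption of the example, not a statement by Cisco.
    return "not_listed"


if __name__ == "__main__":
    for sample in ("6.2.3.15", "6.3.0.5", "6.4.0", "6.5.0.5", "6.6.0"):
        print(sample, "->", classify(sample))
```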
Fix
Information Disclosure
Affected Products
AnyConnect
Cisco ASA
Firepower Threat Defense
WebVPN