PT-2020-4461 · Cisco · Cisco ASA +1

Published: 2020-10-21 · Updated: 2023-08-16 · CVE-2020-3554

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance versions prior to the fixed release
Cisco Firepower Threat Defense versions prior to the fixed release

Description

The issue is related to a memory exhaustion condition in the TCP packet processing of the software, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attacker could exploit this by sending a high rate of crafted TCP traffic through an affected device, exhausting device resources and resulting in a DoS condition for traffic transiting the device.

Recommendations

For Cisco Adaptive Security Appliance, update to a fixed release to resolve the issue.
For Cisco Firepower Threat Defense, update to a fixed release to resolve the issue.
As a temporary workaround, consider restricting the rate of TCP traffic through the affected device to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-05009
CVE-2020-3554

Affected Products

Cisco ASA
Cisco FTD