PT-2020-4462 · Cisco · Cisco Asa+1

Santosh Krishnamurthy · Published 2020-10-21 · Updated 2023-08-16 · CVE-2020-3373

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance versions prior to the fixed version
Cisco Firepower Threat Defense versions prior to the fixed version

Description

The issue is uncontrolled resource consumption in the software of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense. A remote attacker could cause a denial of service condition by sending specially crafted fragmented IP traffic to the targeted device. The cause is improper error handling during IP fragment reassembly, which could lead to a memory leak that prevents traffic from being processed and results in a denial of service condition. The device may require a manual reboot to recover. The vulnerability affects both IP Version 4 and IP Version 6 traffic.

Recommendations

For Cisco Adaptive Security Appliance versions prior to the fixed version, update to the fixed release to resolve the issue. For Cisco Firepower Threat Defense versions prior to the fixed version, update to the fixed release to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation until a patch is available.

Fix

DoS

Memory Leak

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-05010
CVE-2020-3373

Affected Products

Cisco Asa
Cisco Ftd