CVE-2020-3529

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A vulnerability in the SSL VPN negotiation process could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The issue is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this by sending crafted Datagram TLS (DTLS) traffic to an affected device, potentially exhausting DMA memory and causing a DoS condition.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for this issue. For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SSL VPN negotiation process to minimize the risk of exploitation.