CVE-2020-27124

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-27124

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

A

vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3 Not Applicable
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*
History

01 Aug 2025, 18:43

Type Values Removed Values Added
CPE cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*
First Time Cisco
Cisco adaptive Security Appliance Software
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy - Vendor Advisory
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq - Not Applicable
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3 - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3 - Not Applicable

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el controlador SSL/TLS del software Cisco Adaptive Security Appliance (ASA) podría permitir que un atacante remoto no autenticado haga que el dispositivo afectado se recargue inesperadamente, lo que genera una condición de denegación de servicio (DoS). La vulnerabilidad se debe a un manejo inadecuado de errores en conexiones SSL/TLS establecidas. Un atacante podría aprovechar esta vulnerabilidad estableciendo una conexión SSL/TLS con el dispositivo afectado y luego enviando un mensaje SSL/TLS malicioso dentro de esa conexión. Una explotación exitosa podría permitir que el atacante haga que el dispositivo se recargue. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad.

18 Nov 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-18 16:15

Updated : 2025-08-01 18:43

NVD link : CVE-2020-27124

Mitre link : CVE-2020-27124

CVE.ORG link : CVE-2020-27124

JSON object : View

Products Affected

cisco

CWE
CWE-457

Use of Uninitialized Variable