CVE-2020-3195

HIGH

Cisco ASA & FTD OSPF Packet Processing Unauthenticated DoS

Title source: llm

Description

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-memleak-DHpsgfnv

Scores

CVSS v3 7.5

EPSS 0.0131

EPSS Percentile 80.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-401 CWE-400

Status published

Products (14)

cisco/adaptive_security_appliance_software 9.12 - 9.12.3.2

cisco/asa_5505_firmware 9.12\(2\)

cisco/asa_5510_firmware 9.12\(2\)

cisco/asa_5512-x_firmware 9.12\(2\)

cisco/asa_5515-x_firmware 9.12\(2\)

cisco/asa_5520_firmware 9.12\(2\)

cisco/asa_5525-x_firmware 9.12\(2\)

cisco/asa_5540_firmware 9.12\(2\)

cisco/asa_5545-x_firmware 9.12\(2\)

cisco/asa_5550_firmware 9.12\(2\)

... and 4 more

Published May 06, 2020

Tracked Since Feb 18, 2026