CVE-2020-3529

HIGH EXPLOITED

Cisco Adaptive Security Appliance and Firepower Threat Defense - Unauthenticated Denial of Service via DTLS Traffic

Title source: llm

Exploitation Summary

CVE-2020-3529 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx

Scores

CVSS v3 8.6

EPSS 0.0131

EPSS Percentile 80.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-04-23

CWE

CWE-400

Status published

Products (3)

cisco/adaptive_security_appliance < 9.6.4.45

cisco/adaptive_security_appliance_software 9.8.0 - 9.8.4.29

cisco/firepower_threat_defense < 6.3.0.6

Published Oct 21, 2020

Tracked Since Feb 18, 2026