CVE-2020-3189— Cisco Firepower Threat Defense 资源管理错误漏洞

Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability

A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default.

N/A

未加控制的资源消耗(资源穷尽)

Cisco Firepower Threat Defense 资源管理错误漏洞

Cisco Firepower Threat Defense（FTD）是美国思科（Cisco）公司的一套提供下一代防火墙服务的统一软件。 Cisco FTD Software中的VPN System Logging功能存在资源管理错误漏洞，该漏洞源于在VPN会话创建或删除时程序没有为所生成的VPN System Logging事件正确地释放内存。远程攻击者可通过不断创建或删除VPN隧道连接利用该漏洞造成系统内存耗尽，导致拒绝服务。以下产品及版本受到影响：Cisco FTD Software 6.2.3.1

N/A

N/A