KEVIntel
CVSS 7.5 High

CVE-2020-3259

PUBLISHED

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

Exploited in the wild · Used in malware · Remote · Low complexity · No user interaction
Vendor: Cisco
Product: Cisco Adaptive Security Appliance (ASA) Software
Published: May 06, 2020
EPSS

Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

cisa malware ransomware edge nessus_scanner

CVSS scores

CVSS v3.0 7.5 High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2024-02-15 00:00:00 UTC

Used in malware

Recorded 2024-02-15 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Feb 15, 2024

Scanner integrations

Scanner Reference Detected
Nessus https://www.tenable.com/plugins/nessus/137659 Jun 02, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Exploit Used in Malware

  • Added to KEVIntel

  • Detected by Nessus