A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. CISA has recently added this vulnerability to its Known Exploited Vulnerabilities catalog.
Product(s) Affected | CVE | Severity | CVSS |
---|---|---|---|
Known affected software configurations:<br>From (including) 6.2.3 up to (excluding) 6.2.3.16<br>From (including) 6.3.0 up to (excluding) 6.3.0.6<br>From (including) 6.4.0 up to (excluding) 6.4.0.9<br>From (including) 6.5.0 up to (excluding) 6.5.0.5<br>From (including) 9.8 up to (excluding) 9.8.4.20<br>From (including) 9.9 up to (excluding) 9.9.2.67<br>From (including) 9.10 up to (excluding) 9.10.1.40<br>From (including) 9.12 up to (excluding) 9.12.3.9<br>From (including) 9.13 up to (excluding) 9.13.1.10 | CVE-2020-3259 | High | 7.5 |
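
The ranges in the table can be applied to a device inventory with a short script. The following is an added example, not part of the original advisory or vendor tooling; it assumes ASA versions may be written in the parenthesised form `9.8(4)20` (treated as `9.8.4.20`) and that any trailing build suffix such as `-28` is ignored. The hostnames and versions in `SAMPLE_INVENTORY` are constructed.

```python
import re

# Half-open ranges [including, excluding) copied from the advisory table.
AFFECTED_RANGES = [
    ("6.2.3", "6.2.3.16"), ("6.3.0", "6.3.0.6"), ("6.4.0", "6.4.0.9"),
    ("6.5.0", "6.5.0.5"), ("9.8", "9.8.4.20"), ("9.9", "9.9.2.67"),
    ("9.10", "9.10.1.40"), ("9.12", "9.12.3.9"), ("9.13", "9.13.1.10"),
]

def parse_version(text):
    """Turn '9.8(4)20', '9.8.4.20' or '6.4.0.8-28' into a comparable tuple."""
    match = re.match(r"\s*(\d+(?:[.()]+\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in re.findall(r"\d+", match.group(1))]
    # Drop trailing zeros so that '6.3' and '6.3.0' compare as equal.
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def check_version(version):
    """Return the excluded upper bound of the matching range, else None.

    None only means the version is outside the ranges listed in the
    advisory table; it is not a statement about unlisted release trains.
    """
    parsed = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= parsed < parse_version(high):
            return high
    return None

def triage(inventory):
    """Map each host to the range upper bound it falls below, or None."""
    return {host: check_version(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "asa-edge-01": "9.8(4)15",
    "asa-edge-02": "9.12(3)9",
    "ftd-dc-01": "6.4.0.8-28",
    "ftd-dc-02": "6.5.0.5",
}

if __name__ == "__main__":
    for host, bound in triage(SAMPLE_INVENTORY).items():
        status = f"in affected range, below {bound}" if bound else "not in a listed range"
        print(f"{host}: {status}")
```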
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
The WA SOC recommends administrators apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable (refer to Patch Management).