Cisco Product Security Update Advisory (CVE-2020-3259)
Overview
An update has been made available to fix a vulnerability in Cisco products. This vulnerability was exploited in a real-world attack in 2024, and users of affected versions should update to the latest version.
Affected Products
CVE-2020-3259
- Vulnerability in the AnyConnect IKEv2 Remote Access (with client services) feature of Cisco ASA Software when crypto ikev2 enable client-services port is configured
- Vulnerability in the AnyConnect SSL VPN feature of Cisco ASA Software when webvpn is enabled
- Vulnerability in the Clientless SSL VPN feature of Cisco ASA Software when webvpn is enabled
- Vulnerability in the AnyConnect IKEv2 Remote Access (with client services) feature of Cisco FTD Software when crypto ikev2 enable client-services port is configured
- Vulnerability in the AnyConnect SSL VPN feature of Cisco FTD Software when webvpn is enabled
Resolved Vulnerabilities
Web Service Information Leakage Vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2020-3259)
Vulnerability Patches
Vulnerability patches were made available in the February 2024 Update. Please update to the latest patched version as described on the referenced site.
CVE-2020-3259
- Cisco ASA Software versions 9.8.4.20, 9.9.2.67, 9.10.1.40, 9.12.3.9, and 9.13.1.10
- Cisco FTD Software 6.2.3.16 (June 2020)
- Cisco FTD Software 6.2.3.16 (Coming Soon)
- Cisco FTD Software 6.4.0.9
- Cisco FTD Software 6.5.0.5 (Coming Soon)
- Cisco FTD Software 6.6
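The audit helper below is an added example, not Cisco's code and not part of the original advisory. It checks an exported ASA running-config for the trigger configurations listed under Affected Products and compares a release string against the ASA patch versions listed above. The function names, the interface name and the sample configuration are assumptions made for illustration, and FTD releases are not covered.

```python
import re

# ASA patch versions from this advisory, keyed by release train.
# Assumption: each entry is the first fixed release of its train.
ASA_FIXED = {
    (9, 8): (9, 8, 4, 20),
    (9, 9): (9, 9, 2, 67),
    (9, 10): (9, 10, 1, 40),
    (9, 12): (9, 12, 3, 9),
    (9, 13): (9, 13, 1, 10),
}
# IKEv2 with client services enabled on an interface.
IKEV2_RE = re.compile(r"^crypto ikev2 enable \S+ client-services port \d+", re.M)
# 'enable <interface>' indented beneath a top-level 'webvpn' block.
WEBVPN_RE = re.compile(r"^webvpn[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+enable \S+", re.M)

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
hostname asa-lab
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect enable
"""

def parse_version(text):
    """Accept '9.8.4.15' or the 'show version' style '9.8(4)15'."""
    nums = tuple(int(n) for n in re.findall(r"\d+", text))
    return nums + (0,) * (4 - len(nums))

def is_patched(version):
    """True/False for trains the advisory lists, None for any other train."""
    v = parse_version(version)
    fixed = ASA_FIXED.get(v[:2])
    return None if fixed is None else v >= fixed

def exposed_features(running_config):
    """Return the advisory's trigger features present in a running-config."""
    found = []
    if IKEV2_RE.search(running_config):
        found.append("AnyConnect IKEv2 Remote Access (client services)")
    if WEBVPN_RE.search(running_config):
        found.append("AnyConnect/Clientless SSL VPN (webvpn)")
    return found

if __name__ == "__main__":
    print(is_patched("9.8(4)15"), exposed_features(SAMPLE_CONFIG))
```

A `None` result from `is_patched` means the train is not in this page's list, so the Cisco advisory in the Referenced Sites section should be consulted for that release.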
Referenced Sites
[1] Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB