CVE-2020-27124

A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3	Not Applicable

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:::::::*

History

01 Aug 2025, 18:43

Type	Values Removed	Values Added
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy - Vendor Advisory
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3 -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3 - Not Applicable
CPE		cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:::::::*
First Time		Cisco Cisco adaptive Security Appliance Software

Information

Published : 2024-11-18 16:15

Updated : 2025-08-01 18:43

NVD link : CVE-2020-27124

Mitre link : CVE-2020-27124

CVE.ORG link : CVE-2020-27124

JSON object : View

Products Affected

cisco

adaptive_security_appliance_software

CWE

CWE-457

Use of Uninitialized Variable

8.6 /10