ID

VAR-202009-1639


CVE

CVE-2020-3548


TITLE

Algorithmic Complexity Vulnerability in Cisco Systems Cisco Email Security Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2020-018383

DESCRIPTION

A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient processing of incoming TLS traffic. An attacker could exploit this vulnerability by sending a series of crafted TLS packets to an affected device. A successful exploit could allow the attacker to trigger a prolonged state of high CPU utilization. The affected device would still be operative, but response time and overall performance may be degraded. There are no workarounds that address this vulnerability. Cisco Systems Cisco Email Security Appliance contains an algorithmic complexity vulnerability. The device may be placed in a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-3548 // JVNDB: JVNDB-2020-018383

AFFECTED PRODUCTS

vendor: cisco, model: email security appliance, scope: lte, version: 13.5.1-277

Trust: 1.0

vendor: Cisco Systems, model: cisco email security appliance, scope: lte, version: 13.5.1-277 and earlier

Trust: 0.8

vendor: Cisco Systems, model: cisco email security appliance, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-018383 // NVD: CVE-2020-3548

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2020-3548
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2020-3548
value: HIGH

Trust: 1.0

NVD: CVE-2020-3548
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202009-077
value: MEDIUM

Trust: 0.6

psirt@cisco.com: CVE-2020-3548
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2020-3548
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-3548
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-018383 // CNNVD: CNNVD-202009-077 // NVD: CVE-2020-3548 // NVD: CVE-2020-3548

PROBLEMTYPE DATA

problemtype:CWE-407

Trust: 1.0

problemtype:Algorithm complexity (CWE-407) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018383 // NVD: CVE-2020-3548

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-077

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-077

PATCH

title: cisco-sa-esa-tls-dos-xW53TBhb, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb

Trust: 0.8

sources: JVNDB: JVNDB-2020-018383

EXTERNAL IDS

db: NVD, id: CVE-2020-3548

Trust: 3.2

db: JVNDB, id: JVNDB-2020-018383

Trust: 0.8

db: AUSCERT, id: ESB-2020.3036

Trust: 0.6

db: CNNVD, id: CNNVD-202009-077

Trust: 0.6

sources: JVNDB: JVNDB-2020-018383 // CNNVD: CNNVD-202009-077 // NVD: CVE-2020-3548

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-tls-dos-xw53tbhb

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-3548

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-tls-dos-xw53tbhb

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3036/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-esa-overload-via-tls-33224

Trust: 0.6

sources: JVNDB: JVNDB-2020-018383 // CNNVD: CNNVD-202009-077 // NVD: CVE-2020-3548

SOURCES

db: JVNDB, id: JVNDB-2020-018383
db: CNNVD, id: CNNVD-202009-077
db: NVD, id: CVE-2020-3548

LAST UPDATE DATE

2025-08-04T23:41:46.185000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-018383, date: 2025-08-01T08:45:00
db: CNNVD, id: CNNVD-202009-077, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-3548, date: 2025-07-31T17:17:22.500

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-018383, date: 2025-08-01T00:00:00
db: CNNVD, id: CNNVD-202009-077, date: 2020-09-02T00:00:00
db: NVD, id: CVE-2020-3548, date: 2024-11-18T16:15:08.100