CVE-2020-3254: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software were discovered. These vulnerabilities, tracked as CVE-2020-3254, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected devices (NVD, CVE).

The vulnerabilities stem from inefficient memory management in the MGCP inspection feature. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) (NVD).

A successful exploitation of these vulnerabilities could allow an attacker to cause memory exhaustion, resulting in a restart of an affected device and causing a denial of service (DoS) condition for traffic traversing the device (NVD).

Cisco has released software updates to address these vulnerabilities. The fixed versions vary depending on the product version: ASA Software versions 9.6.4.34, 9.8.4.7, 9.9.2.66, 9.10.1.27, and 9.12.2.1 contain fixes for these vulnerabilities (NVD).