CVE-2024-20260

CWE-789
4 documents
4 sources
Severity
8.6 HIGH
EPSS
0.4%
top 41.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 23

Description

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease altogether. This vulnerability is due to a lack of proper memory management for new

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages: 2 packages

🔴Vulnerability Details

2
CVEList
Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability | 2024-10-23
GHSA
GHSA-27g3-cp2g-22pw: A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense | 2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability | 2024-10-23