CVE-2024-20268

CWE-2314 documents4 sources

Severity

7.7HIGH

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedOct 23

Description

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to insufficient input validation of SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device using IPv4 or IPv6. A successful exploit could allow the…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software97 versions+96

▶CVEListV5cisco/cisco_firepower_threat_defense_software47 versions+46

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software97 versions+96

▶NVDcisco/firepower_threat_defense47 versions+46

🔴Vulnerability Details

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability↗2024-10-23

▶

GHSA

GHSA-gvjq-f8m6-m457: A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software SNMP Denial of Service Vulnerability↗2024-10-23

▶