CVE-2024-20339

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGH

EPSS

2.1%

top 16.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Firepower Threat Defense Software Cisco Firepower Threat Defense Software

Timeline

PublishedOct 23

Description

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the de…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDcisco/firepower_threat_defense_software80 versions+79

▶CVEListV5cisco/cisco_firepower_threat_defense_software80 versions+79

🔴Vulnerability Details

CVEList

Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability↗2024-10-23

▶

GHSA

GHSA-7874-r67m-25qh: A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthen↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability↗2024-10-23

▶