⚠ Actively exploited
Added to CISA KEV on 2024-04-24. Federal agencies required to patch by 2024-05-01. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-20353
Severity
8.6 HIGH
EPSS
24.4%
top 3.89%
CISA KEV
KEV
Added 2024-04-24
Due 2024-05-01
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Apr 24
KEV added: Apr 24
KEV due: May 1
Description
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. …
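The description names two listeners that an unauthenticated remote client can reach: the management web server and the VPN (webvpn) web server. Before the vendor fix is applied, the first thing a practitioner wants to know is on which interfaces those servers are enabled and from which sources. The following Python is an added example, not code from this tracker page or from Cisco; it parses an ASA-style running-config for `http server enable`, the `http <source> <mask> <interface>` access rules, and `enable <interface>` inside the `webvpn` block. The sample config, its interface names and addresses are constructed for illustration (IPv4 rules only; FTD configs managed through FMC are laid out differently and are not covered).

```python
"""Attack-surface triage for CVE-2024-20353 against an ASA-style running-config.

Reports where the management web server (``http server enable`` plus
``http <src> <mask> <iface>`` rules) and the VPN web server (``webvpn`` /
``enable <iface>``) are reachable. Added example; the config below is
constructed and its interface names and addresses are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: not from any real device.
SAMPLE_CONFIG = """\
hostname asa-edge
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
http server enable
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
webvpn
 enable outside
 anyconnect enable
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Only the access-rule form of 'http'; 'http server enable' and 'http redirect ...' do not match.
HTTP_RULE = re.compile(rf"^http\s+({IPV4})\s+({IPV4})\s+(\S+)\s*$")


def parse_web_listeners(config: str) -> Dict:
    """Extract management-HTTP and webvpn listener state from a running-config."""
    http_enabled = False
    http_rules: List[Dict] = []
    webvpn_ifaces: List[str] = []
    in_webvpn = False
    for raw in config.splitlines():
        indented = raw.startswith(" ")
        line = raw.strip()
        if not line:
            continue
        if in_webvpn and indented:
            # Sub-commands of the webvpn block; 'enable <iface>' starts the VPN web server there.
            m = re.match(r"^enable\s+(\S+)$", line)
            if m:
                webvpn_ifaces.append(m.group(1))
            continue
        in_webvpn = False  # any non-indented line ends the webvpn block
        if line == "webvpn":
            in_webvpn = True
        elif line.startswith("http server enable"):
            http_enabled = True
        else:
            m = HTTP_RULE.match(line)
            if m:
                src, mask, iface = m.groups()
                http_rules.append({"source": src, "mask": mask, "interface": iface,
                                   "any_host": src == "0.0.0.0" and mask == "0.0.0.0"})
    return {"http_server_enabled": http_enabled, "http_rules": http_rules,
            "webvpn_interfaces": webvpn_ifaces}


def triage(config: str) -> List[Dict]:
    """Turn listener state into findings, broadest reachability first."""
    state = parse_web_listeners(config)
    findings: List[Dict] = []
    for iface in state["webvpn_interfaces"]:
        # The webvpn portal is served before any authentication, so reach is 'any' by construction.
        findings.append({"listener": "webvpn", "interface": iface, "reach": "any",
                         "note": "VPN web server enabled on this interface"})
    if state["http_server_enabled"]:
        if not state["http_rules"]:
            findings.append({"listener": "mgmt-http", "interface": None, "reach": "none",
                             "note": "http server enabled but no 'http <src> <mask> <iface>' rule admits a client"})
        for r in state["http_rules"]:
            findings.append({"listener": "mgmt-http", "interface": r["interface"],
                             "reach": "any" if r["any_host"] else f"{r['source']}/{r['mask']}",
                             "note": ("management web server reachable from any host"
                                      if r["any_host"] else
                                      "management web server reachable from a scoped range")})
    findings.sort(key=lambda f: (0 if f["reach"] == "any" else 1, f["listener"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_CONFIG):
        print(f"{f['listener']:9s} {str(f['interface']):8s} reach={f['reach']:24s} {f['note']}")
```

The output only shows where the affected servers listen; it is a scoping aid for prioritising which devices to update first, not a substitute for the vendor fix that the KEV entry requires.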
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0
Affected Packages (4 packages)
🔴Vulnerability Details
GHSA
GHSA-pp78-fggv-r899 (2024-04-24): A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) So…
CVEList
CVE-2024-20353 (2024-04-24): A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) So…