CVE-2024-20426

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

8.6HIGH

EPSS

0.6%

top 31.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedOct 23

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could al…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/firepower_threat_defense_software21 versions+20

▶NVDcisco/adaptive_security_appliance_software33 versions+32

▶CVEListV5cisco/cisco_firepower_threat_defense_software21 versions+20

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software33 versions+32

🔴Vulnerability Details

GHSA

GHSA-9pj9-8qr7-5x38: A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Ci↗2024-10-23

▶

CVEList

CVE-2024-20426: A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Ci↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software IKEv2 VPN Denial of Service Vulnerability↗2024-10-23

▶