⚠ Actively exploited
Added to CISA KEV on 2024-10-24. Federal agencies are required to patch by 2024-11-14. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-20481
Severity
5.8 MEDIUM
EPSS
11.1%
top 6.53%
CISA KEV
Added 2024-10-24
Due 2024-11-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Oct 23
KEV added: Oct 24
KEV due: Nov 14
Description
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.
This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust reso…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 4 packages
🔴 Vulnerability Details (3)
CVEList
CVE-2024-20481: A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) (2024-10-23)
GHSA
GHSA-cp3f-3wc5-j85w: A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) (2024-10-23)