CVE-2024-20493

CWE-7724 documents4 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 69.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedOct 23

Description

A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition. This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit th…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDcisco/firepower_threat_defense_software91 versions+90

▶NVDcisco/adaptive_security_appliance_software203 versions+202

▶CVEListV5cisco/cisco_firepower_threat_defense_software91 versions+90

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software203 versions+202

🔴Vulnerability Details

GHSA

GHSA-v3gf-g9fc-578x: A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and↗2024-10-23

▶

CVEList

CVE-2024-20493: A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability↗2024-10-23

▶