CVE-2024-20494

CWE-12874 documents4 sources

Severity

8.6HIGH

EPSS

0.4%

top 36.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedOct 23

Description

A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software17 versions+16

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software17 versions+16

▶CVEListV5cisco/cisco_firepower_threat_defense_software8 versions+7

▶NVDcisco/firepower_threat_defense8 versions+7

🔴Vulnerability Details

GHSA

GHSA-rmpg-3w9x-w6pr: A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Sof↗2024-10-23

▶

CVEList

CVE-2024-20494: A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Sof↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability↗2024-10-23

▶