CVE-2024-20495

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.6HIGH

EPSS

0.3%

top 43.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedOct 23

Description

A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software130 versions+129

▶CVEListV5cisco/cisco_firepower_threat_defense_software45 versions+44

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software130 versions+129

▶NVDcisco/firepower_threat_defense45 versions+44

🔴Vulnerability Details

CVEList

CVE-2024-20495: A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software↗2024-10-23

▶

GHSA

GHSA-5q5x-hwcj-q6c2: A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability↗2024-10-23

▶