CVE-2024-20402

Published Oct 23, 2024

Last updated 23 days ago

CVSS high 8.6

Overview

Description
A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Source
ykramarz@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity
HIGH

Weaknesses

ykramarz@cisco.com
CWE-788

Social media

Hype score
Not currently trending

  1. [CVE-2024-20402: HIGH] Critical vulnerability in Cisco ASA and FTD Software's SSL VPN feature could allow remote attackers to cause unexpected reloads, leading to denial of service. Exploitation through crafted S...#cybersecurity,#vulnerability https://t.co/jKONRR9EjL https://t.c

    @CveFindCom

    23 Oct 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References