Cisco ASA and FTD Devices Vulnerable to SSL/TLS Memory Management Memory Flaw
CVE-2024-20402
Key Information
- Vendor
- Cisco
- Status
- Cisco Adaptive Security Appliance (asa) Software
- Cisco Firepower Threat Defense Software
- Vendor
- CVE Published:
- 23 October 2024
Badges
Summary
A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.5
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.7
References
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
Vulnerability published