Cisco ASA and FTD Devices Vulnerable to SSL/TLS Memory Management Memory Flaw

CVE-2024-20402

8.6HIGH

Key Information

Vendor
Cisco
Status
Cisco Adaptive Security Appliance (asa) Software
Cisco Firepower Threat Defense Software
Vendor
CVE Published:
23 October 2024

Badges

๐Ÿ‘พ Exploit Exists

Summary

A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software = 9.8.1

Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.5

Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.7

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.