Cisco Remote Access SSL VPN Vulnerability Could Lead to Temporary Denial of Service
CVE-2024-20493
5.3 MEDIUM
Key Information:
- Vendor: Cisco
- CVE Published: 23 October 2024
Summary
A vulnerability exists in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This issue arises from inadequate management of memory resources during the authentication process. By sending specially crafted packets, an unauthenticated, remote attacker may exploit this vulnerability, leading to resource exhaustion in the authentication process. As a result, this can temporarily prevent Remote Access SSL VPN users from authenticating for several minutes, effectively creating a denial of service condition.
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published