A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
History

Thu, 24 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco adaptive Security Appliance
Cisco firepower Threat Defense Software
CPEs cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco adaptive Security Appliance
Cisco firepower Threat Defense Software
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Oct 2024 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Weaknesses CWE-788
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-10-23T17:35:43.314Z

Updated: 2024-10-24T16:16:53.323Z

Reserved: 2023-11-08T15:08:07.660Z

Link: CVE-2024-20402

cve-icon Vulnrichment

Updated: 2024-10-24T16:16:44.834Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-23T18:15:07.930

Modified: 2024-10-25T12:56:36.827

Link: CVE-2024-20402

cve-icon Redhat

No data.