A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Metrics
Affected Vendors & Products
References
History
Thu, 24 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco adaptive Security Appliance Cisco firepower Threat Defense Software |
|
CPEs | cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco
Cisco adaptive Security Appliance Cisco firepower Threat Defense Software |
|
Metrics |
ssvc
|
Wed, 23 Oct 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |
Weaknesses | CWE-788 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-10-23T17:35:43.314Z
Updated: 2024-10-24T16:16:53.323Z
Reserved: 2023-11-08T15:08:07.660Z
Link: CVE-2024-20402
Vulnrichment
Updated: 2024-10-24T16:16:44.834Z
NVD
Status : Awaiting Analysis
Published: 2024-10-23T18:15:07.930
Modified: 2024-10-25T12:56:36.827
Link: CVE-2024-20402
Redhat
No data.