← Retour aux CVEs
CVE-2024-20353
HIGHCISA KEV8.6
Description
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Details CVE
Score CVSS v3.18.6
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/24/2024
Derniere modification10/28/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurCisco
ProduitAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Nom vulnerabiliteCisco ASA and FTD Denial of Service Vulnerability
Date ajout KEV2024-04-24
Date limite remediation2024-05-01
Utilise dans ransomwareUnknown
Produits affectes
cisco:adaptive_security_appliance_softwarecisco:firepower_threat_defense
Faiblesses (CWE)
CWE-835CWE-835
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2(psirt@cisco.com)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2(af854a3a-2127-422b-91ae-364da2661108)
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20353(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.