← Voltar para CVEs
CVE-2024-20353
HIGHCISA KEV8.6
Descricao
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Detalhes CVE
Pontuacao CVSS v3.18.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/24/2024
Ultima modificacao10/28/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorCisco
ProdutoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Nome da vulnerabilidadeCisco ASA and FTD Denial of Service Vulnerability
Data inclusao KEV2024-04-24
Prazo de remediacao2024-05-01
Uso em ransomwareUnknown
Produtos afetados
cisco:adaptive_security_appliance_softwarecisco:firepower_threat_defense
Fraquezas (CWE)
CWE-835CWE-835
Referencias
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2(psirt@cisco.com)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2(af854a3a-2127-422b-91ae-364da2661108)
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20353(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.