CVE-2024-20481
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/10/2024
Last modified:
29/10/2024
Description
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.

This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected.

Cisco Talos discussed these attacks in the blog post "Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials".
Impact
Base Score 3.x
5.80
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.1:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.2:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.3:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.4:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.5:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.6:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.7:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.8:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.9:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.10:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.11:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.12:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.13:*:*:*:*:*:*:* | | |
cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.14:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page