CVE-2024-20493 in ASAinfo

Summary

by MITRE • 10/23/2024

A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition.

This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

11/08/2023

Disclosure

10/23/2024

Moderation

accepted

CPE

ready

EPSS

0.00527

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!