Cisco ASA/Firepower Threat Defense Software Remote Access VPN denial of service

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Cisco ASA and Firepower Threat Defense Software. It affects an unknown functionality of the component Remote Access VPN, and its manipulation leads to denial of service. This vulnerability is referenced as CVE-2024-20481. The attack can be launched remotely, and an exploit is available. It is suggested to upgrade the affected component.
Details
A vulnerability was found in Cisco ASA and Firepower Threat Defense Software (the affected version is unknown). It has been rated as problematic. The issue affects unknown code of the component Remote Access VPN. Manipulation with an unknown input leads to denial of service. The problem is classified as CWE-404: the product does not release or incorrectly releases a resource before it is made available for re-use. The impact is on availability. CVE summarizes:
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
The advisory is shared for download at sec.cloudapps.cisco.com. This vulnerability is handled as CVE-2024-20481 since 11/08/2023. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but an exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 10/28/2025). The MITRE ATT&CK project declares the attack technique as T1499.
The vulnerability is declared as attacked. The vulnerability scanner Nessus provides a plugin with the ID 209988 (Cisco Firepower Threat Defense Software Remote Access VPN Brute Force DoS (cisco-sa-asaftd-bf-dos-vDZhLqrW)), which helps to determine the existence of the flaw in a target environment. This issue was added on 10/24/2024 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 11/14/2024:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at Zero-Day.cz (926) and Tenable (209988). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Website
- Vendor: https://www.cisco.com/
CVSSv3
VulDB Meta Base Score: 5.6
VulDB Meta Temp Score: 5.6
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
NVD Base Score: 5.8
CNA Base Score: 5.8
Exploiting
Class: Denial of service
CWE: CWE-404
Physical: No
Local: No
Remote: Yes
Status: Attacked
Nessus ID: 209988
Nessus Name: Cisco Firepower Threat Defense Software Remote Access VPN Brute Force DoS (cisco-sa-asaftd-bf-dos-vDZhLqrW)
Countermeasures
Recommended: Upgrade
Timeline
11/08/2023
10/23/2024
10/23/2024
10/28/2025
Sources
Vendor: cisco.com
Advisory: cisco-sa-asaftd-bf-dos-vDZhLqrW
Status: Confirmed
CVE: CVE-2024-20481
GCVE (CVE): GCVE-0-2024-20481
GCVE (VulDB): GCVE-100-281600
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 10/23/2024 19:21
Updated: 10/28/2025 19:02
Changes: 10/23/2024 19:21 (53), 10/24/2024 21:07 (13), 10/25/2024 05:26 (13), 10/25/2024 08:28 (2), 11/01/2024 13:20 (2), 10/21/2025 22:27 (11), 10/28/2025 19:02 (1)