CVE-2024-20353
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2024-20353 is a newly disclosed vulnerability affecting the management and VPN web servers of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This issue stems from inadequate error checking when processing HTTP headers, which could enable an unauthenticated, remote attacker to trigger a denial of service (DoS) event on the targeted device. By crafting a malicious HTTP request, an adversary can cause the web server to reload unexpectedly, leading to a DoS condition. This vulnerability poses a significant risk, particularly for organizations that rely heavily on Cisco's security solutions. It is essential that affected organizations apply the available patch or update as soon as possible to mitigate the risk of exploitation.
Affected Products
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Firepower Threat Defense
Affected Vendors
- Cisco Systems Inc