Lucene search

[email protected]CVE-2024-20353

HistoryApr 24, 2024 - 7:15 p.m.

CVE-2024-20353

2024-04-2419:15:46

CWE-835

[email protected]

web.nvd.nist.gov

166

In Wild

cisco asa

ftd

web servers

vulnerability

unexpected reload

denial of service

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.8%

JSON

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.

CPENameOperatorVersion
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.1
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.1.5
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.1.7
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2.8
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2.14
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2.15
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2.17
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2.20
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.8.2.24

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.1
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.1.5
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.1.7
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2.8
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2.14
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2.15
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2.17
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2.20
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.8.2.24