CVE-2024-20260

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20260
A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR
Configurations

No configuration.

History

25 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en los servidores web de administración y VPN de las plataformas Cisco Adaptive Security Virtual Appliance (ASAv) y Cisco Secure Firewall Threat Defense Virtual (FTDv), anteriormente Cisco Firepower Threat Defense Virtual, podría permitir que un atacante remoto no autenticado provoque que los dispositivos virtuales se queden sin memoria del sistema, lo que podría hacer que el procesamiento de la conexión SSL VPN se ralentice y, finalmente, cese por completo. Esta vulnerabilidad se debe a la falta de una administración de memoria adecuada para las nuevas conexiones SSL/TLS entrantes en las plataformas virtuales. Un atacante podría explotar esta vulnerabilidad enviando una gran cantidad de nuevas conexiones SSL/TLS entrantes a la plataforma virtual de destino. Una explotación exitosa podría permitir al atacante agotar la memoria del sistema, lo que daría como resultado una condición de denegación de servicio (DoS). La memoria podría recuperarse lentamente si se detiene el tráfico del ataque, pero puede ser necesaria una recarga manual para restaurar las operaciones rápidamente.

23 Oct 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-23 17:15

Updated : 2024-10-25 12:56

NVD link : CVE-2024-20260

Mitre link : CVE-2024-20260

CVE.ORG link : CVE-2024-20260

JSON object : View

Products Affected

No product.

CWE
CWE-789

Memory Allocation with Excessive Size Value


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024