Versions
9.8.2.15
9.8.4.35
9.12.4.13
9.8.3.16
9.16.3.23
9.15.1.21
9.18.4.8
9.14.4
9.12.4.35
9.12.4.4
9.9
9.14.4.23
9.8.4.34
9.12.4.38
9.8.2.33
9.20.1.5
9.14.3.15
9.14.3.18
9.8.1
9.12.1.3
9.15.1.15
9.12.4.47
9.8.2.26
9.12.4.48
9.17.1.9
9.20.2
9.12.4.41
9.8.3.29
9.8.4.8
9.14.4.15
9.8.3.26
9.14.1.10
9.8.3.14
9.17.1.33
9.16.3.3
9.14.1
9.12.3.9
9.14.3
9.15.1.17
9.8.3.18
9.18.4.5
9.16.4.14
9.12.3
9.8.4.45
9.19.1.28
9.14.2.13
9.8.3
9.20.3
9.8.4.20
9.18.3.53
9.17.1
9.18.4.22
9.16.1.28
9.17.1.20
9.12.4
9.12.4.67
9.14.4.22
9.12.4.29
9.12.2.9
9.8.4.10
9.16.4.61
9.14.4.7
9.8
9.14.3.11
9.8.2.8
9.16.1
9.18.2
9.8.3.8
9.16.4.70
9.19.1.24
9.17.1.11
9.12.4.52
9.10
9.19.1
9.19.1.5
9.15.1.16
9.8.2.45
9.17.1.15
9.8.4.17
9.16.4.27
9.12.1
9.8.4
9.17.1.10
9.14.4.6
9.16.3.14
9.16.4.48
9.8.4.46
0
9.8.4.15
9.18.3.46
9.8.4.32
9.14.3.13
9.14.1.6
9.19.1.18
9.16.2
9.8.4.48
9.14.1.30
9.15.1
9.8.4.22
9.19.1.31
9.17.1.13
9.12.4.55
9.19.1.22
9.14.4.17
9.16.2.3
9.18.4.29
9.12.4.7
9.13
9.15.1.10
9.16.4.67
9.14.4.14
9.19.1.27
9.12.1.2
9.18.4
19.17.1.39
9.16.3.19
9.14.3.1
9.8.1.7
9.18.3.55
9.16.4.42
9.16.2.7
9.12.4.26
9.12
9.12.4.40
9.8.1.5
9.14.2.8
9.8.4.43
9.8.2.35
9.16.2.11
9.18.4.24
9.14.2.15
9.16.4.62
9.14.1.15
9.17.1.30
9.14.4.24
9.8.4.12
9.19.1.12
9.8.4.41
9.18.1
9.12.4.37
9.8.2.38
9.8.4.39
9.20.2.10
9.12.4.2
9.12.4.62
9.12.4.18
9.12.4.54
9.12.2.5
9.12.4.10
9.8.4.44
9.8.4.3
9.8.3.21
9.8.3.11
9.16.3.15
9.16.4.18
9.8.2.24
9.20.2.21
9.19.1.9
9.8.4.29
9.8.2.28
9.12.3.7
9.16.4.57
9.16.3
9.15.1.1
9.12.2.1
9.12.4.56
9.16.4.39
9.8.2
9.8.4.33
9.16.4.9
9.12.3.2
9.8.4.25
9.14.4.13
9.20.2.22
9.17.1.39
9.12.4.30
9.12.3.12
9.14.4.12
9.8.2.17
9.20.1
9.8.4.7
9.18.2.7
9.18.4.34
9.18.2.5
9.18.3.56
9.8.2.14
9.18.3.39
9.14.1.19
9.16.4.55
9.16.2.13
9.12.4.39
9.12.4.8
9.14.2.4
9.16.4.38
9.15.1.7
9.12.4.50
9.16.4.19
9.12.2.4
9.16.4
9.12.4.65
9.12.2
9.8.4.26
9.14.3.9
9.8.4.40
9.8.2.20
9.16.2.14
9.18.4.40
9.12.4.58
9.18.3
9.18.1.3
9.14.2
9.17.1.7
9.12.4.24
9.18.2.8
Recent CVEs
CVE-2024-20526
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM).
CVE-2024-20495
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE-2024-20494
A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability can also impact the integrity of a device by causing VPN HostScan communication failures or file transfer failures when Cisco ASA Software is upgraded using Cisco Adaptive Security Device Manager (ASDM).
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
CVE-2024-20481
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
CVE-2024-20370
A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device.
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system.
CVE-2024-20299
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.
CVE-2024-20297
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.
CVE-2024-20260
A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.