CVSS: 5.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-20293
https://notcve.org/view.php?id=CVE-2024-20293
22 May 2024 — A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to a logic error that occurs when an ACL changes from inactive to active in the running configuration of an affected device. An attacker could exploit this vulnerability by sending traff... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ogsnsg-aclbyp-3XB8q6jX • CWE-436: Interpretation Conflict •
CVSS: 5.0EPSS: 0%CPEs: 227EXPL: 0CVE-2024-20355
https://notcve.org/view.php?id=CVE-2024-20355
22 May 2024 — A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device. This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authe... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-bypass-KkNvXyKW • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 267EXPL: 0CVE-2024-20358
https://notcve.org/view.php?id=CVE-2024-20358
24 Apr 2024 — A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 267EXPL: 0CVE-2024-20359 – Cisco ASA and FTD Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20359
24 Apr 2024 — A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 57%CPEs: 267EXPL: 1CVE-2024-20353 – Cisco ASA and FTD Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20353
24 Apr 2024 — A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful... • https://github.com/codeb0ss/CVE-2024-20353-PoC • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 0%CPEs: 239EXPL: 0CVE-2023-20275
https://notcve.org/view.php?id=CVE-2023-20275
12 Dec 2023 — A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-Y88QOm77 • CWE-346: Origin Validation Error •
CVSS: 5.0EPSS: 0%CPEs: 229EXPL: 0CVE-2023-20247
https://notcve.org/view.php?id=CVE-2023-20247
01 Nov 2023 — A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-multi-cert-dzA3h5PT • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.6EPSS: 0%CPEs: 177EXPL: 0CVE-2023-20095
https://notcve.org/view.php?id=CVE-2023-20095
01 Nov 2023 — A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, r... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-dos-3GhZQBAS • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.6EPSS: 0%CPEs: 51EXPL: 0CVE-2023-20042
https://notcve.org/view.php?id=CVE-2023-20042
01 Nov 2023 — A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TL... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-kxG8mpUA • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20264
https://notcve.org/view.php?id=CVE-2023-20264
01 Nov 2023 — A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-hijack-ttuQfyz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •