CVE-2024-20293

Severity Score

5.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to a logic error that occurs when an ACL changes from inactive to active in the running configuration of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. The reverse condition is also true—traffic that should be permitted could be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. Note: This vulnerability applies to both IPv4 and IPv6 traffic as well as dual-stack ACL configurations in which both IPv4 and IPv6 ACLs are configured on an interface.

Una vulnerabilidad en la activación de una lista de control de acceso (ACL) en el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado evite la protección que ofrece una ACL configurada en un dispositivo afectado. Esta vulnerabilidad se debe a un error lógico que ocurre cuando una ACL cambia de inactiva a activa en la configuración en ejecución de un dispositivo afectado. Un atacante podría aprovechar esta vulnerabilidad enviando tráfico a través del dispositivo afectado que la ACL configurada debería denegar. La condición inversa también es cierta: la ACL configurada podría denegar el tráfico que debería permitirse. Un exploit exitoso podría permitir al atacante eludir las protecciones ACL configuradas en el dispositivo afectado, permitiéndole acceder a redes confiables que el dispositivo podría estar protegiendo. Nota: Esta vulnerabilidad se aplica al tráfico IPv4 e IPv6, así como a configuraciones de ACL de doble pila en las que las ACL IPv4 e IPv6 están configuradas en una interfaz.

*Credits: N/A

CVSS Scores

Ciscov3.1 5.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-11-08 CVE Reserved
2024-05-22 CVE Published
2024-05-23 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-436: Interpretation Conflict

CAPEC

References (1)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ogsnsg-aclbyp-3XB8q6jX

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1.5 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1.9 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1.9"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1.12 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1.12"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1.18 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1.18"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1.22 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1.22"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.19.1.24 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.19.1.24"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.20.1 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.20.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Adaptive Security Appliance (ASA) Software Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software"				9.20.1.5 Search vendor "Cisco" for product "Cisco Adaptive Security Appliance (ASA) Software" and version "9.20.1.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Threat Defense Software Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software"				7.3.0 Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software" and version "7.3.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Threat Defense Software Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software"				7.3.1 Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software" and version "7.3.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Threat Defense Software Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software"				7.3.1.1 Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software" and version "7.3.1.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Threat Defense Software Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software"				7.3.1.2 Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software" and version "7.3.1.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Firepower Threat Defense Software Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software"				7.4.0 Search vendor "Cisco" for product "Cisco Firepower Threat Defense Software" and version "7.4.0"		en		Affected