Severity
Medium
Analysis Summary
CVE-2024-20473 CVSS:6.5
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit it by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. Because the Administrator role is a precondition, this is a post-authentication issue rather than an initial-access vector; it matters most where FMC administrator credentials could be phished or reused.
CVE-2024-20297 CVSS:5.8
CVE-2024-20299 CVSS:5.8
Both vulnerabilities are in the AnyConnect firewall feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software and could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. Each is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device.
CVE-2024-20331 CVSS:6.8
Cisco Adaptive Security Appliance and Firepower Threat Defense Software are vulnerable to a denial of service caused by insufficient entropy in the authentication process. By sending specially crafted requests, a remote attacker could force a user to restart the authentication process, preventing legitimate users from establishing remote access VPN sessions.
CVE-2024-20493 CVSS:5.3
A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition. This vulnerability is due to ineffective handling of memory resources during the authentication process.
CVE-2024-20374 CVSS:6.5
Cisco Secure Firewall Management Center Software could allow a remote, authenticated attacker to execute arbitrary commands on the underlying system, caused by improper input validation of certain HTTP request parameters. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands as the root user, which amounts to full compromise of the management platform and everything it manages.
CVE-2024-20341 CVSS:6.1
Cisco Adaptive Security Appliance and Firepower Threat Defense Software are vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could use a specially crafted URL to execute script in a victim's web browser within the security context of the hosting site once the victim clicks the URL, and could use this to steal the victim's cookie-based authentication credentials.
Impact
- Security Bypass
- Cross-site Scripting
- Gain Access
- Data Manipulation
- Denial of Service
- Arbitrary Command Execution
Indicators of Compromise
CVE
CVE-2024-20473
CVE-2024-20297
CVE-2024-20299
CVE-2024-20331
CVE-2024-20493
CVE-2024-20374
CVE-2024-20341
Affected Vendors
- Cisco
Affected Products
- Cisco Firepower Threat Defense Software
- Cisco Firepower Management Center - 6.7.0 - 6.7.0.1 - 6.7.0.2 - 6.7.0.3 - 7.3.0 - 7.3.1 - 7.3.1.1 - 7.3.1.2 - 7.4.0 - 7.4.1 - 7.4.1.1
- Cisco Adaptive Security Appliance (ASA) Software - 9.8.1 - 9.8.3 - 9.12.1 - 9.12.2 - 9.12.3
Remediation
Refer to the Cisco Security Advisory for each CVE for patch, upgrade, or suggested workaround information. Confirm the running release with `show version` on ASA, FTD and FMC before deciding whether a device is in scope, and treat the version list above as a summary: the Cisco advisories carry the authoritative affected and fixed releases. Although none of these issues is rated higher than medium, the ACL bypass and the two VPN authentication denial-of-service issues require no credentials, so internet-facing remote access VPN endpoints should be prioritized.
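The following is an added example, not code from the advisory or from Cisco: a small triage helper that parses captured `show version` output and checks the reported release against the version list given on this page. The affected-version sets are copied from this page only (they are not Cisco's full affected list), the sample outputs are constructed to resemble ASA's `Software Version 9.12(3)` banner and the Firepower appliance `Model : ... Version X (Build N)` line, and the exact layout of real output may differ by platform, so the regular expression is deliberately loose.

```python
import re

# Affected versions as listed on this advisory page (assumption: this is a
# summary, not Cisco's authoritative list; check each CVE's Cisco advisory).
AFFECTED = {
    "ASA": {"9.8.1", "9.8.3", "9.12.1", "9.12.2", "9.12.3"},
    "FMC": {"6.7.0", "6.7.0.1", "6.7.0.2", "6.7.0.3",
            "7.3.0", "7.3.1", "7.3.1.1", "7.3.1.2",
            "7.4.0", "7.4.1", "7.4.1.1"},
}

# ASA prints "Software Version 9.12(3)"; Firepower appliances print
# "Version 7.4.1.1 (Build 12)". Capture the first version token after the
# word "Version", allowing dots and ASA-style parentheses as separators.
_VERSION_RE = re.compile(r"\bVersion\s*:?\s*([0-9]+(?:[.()][0-9]+)*)\)?")


def normalize_version(raw):
    """Turn ASA notation such as '9.12(3)' into dotted form '9.12.3'."""
    return ".".join(re.findall(r"[0-9]+", raw))


def detect_product(text):
    """Map a show-version capture to the product families on this page."""
    if "Adaptive Security Appliance" in text:
        return "ASA"
    if "Firepower Management Center" in text or "Secure Firewall Management Center" in text:
        return "FMC"
    if "Firepower Threat Defense" in text:
        return "FTD"
    return None


def check_show_version(text):
    """Return (product, version, status) for one show-version capture.

    status is one of: "affected", "not-in-list", "listed-without-versions"
    (FTD is listed on the page with no version numbers) or "unrecognized".
    """
    product = detect_product(text)
    match = _VERSION_RE.search(text)
    version = normalize_version(match.group(1)) if match else None
    if product is None or version is None:
        return product, version, "unrecognized"
    if product not in AFFECTED:
        return product, version, "listed-without-versions"
    status = "affected" if version in AFFECTED[product] else "not-in-list"
    return product, version, status


# Constructed sample captures (not real device output).
ASA_SAMPLE = (
    "Cisco Adaptive Security Appliance Software Version 9.12(3)\n"
    "Firepower Extensible Operating System Version 2.6(1.131)\n"
    "Device Manager Version 7.12(1)\n"
)
ASA_CLEAN_SAMPLE = "Cisco Adaptive Security Appliance Software Version 9.16(4)\n"
FMC_SAMPLE = (
    "-------------------[ fmc ]--------------------\n"
    "Model                     : Cisco Firepower Management Center for VMware (66) "
    "Version 7.4.1.1 (Build 12)\n"
)
FTD_SAMPLE = (
    "--------------------[ ftd ]---------------------\n"
    "Model                     : Cisco Firepower Threat Defense for VMware (75) "
    "Version 7.2.5 (Build 208)\n"
)


def triage(captures):
    """Check a {hostname: show-version-text} mapping and return a report dict."""
    return {host: check_show_version(text) for host, text in captures.items()}


if __name__ == "__main__":
    fleet = {"asa-edge-1": ASA_SAMPLE, "asa-edge-2": ASA_CLEAN_SAMPLE,
             "fmc-1": FMC_SAMPLE, "ftd-dc-1": FTD_SAMPLE}
    for host, (product, version, status) in triage(fleet).items():
        print(f"{host:12} {product or '?':4} {version or '?':10} {status}")
```

Feed it the text of `show version` collected from each device (for example via your existing configuration-backup tooling) and act on every `affected` result; an `FTD` result of `listed-without-versions` still needs to be compared against the Cisco advisory, since this page names FTD without listing releases.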