A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Changed
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Cisco |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-04-24T18:15:57.646Z
Updated: 2024-08-01T21:59:41.487Z
Reserved: 2023-11-08T15:08:07.647Z
Link: CVE-2024-20353
Vulnrichment
Updated: 2024-08-01T21:59:41.487Z
NVD
Status : Modified
Published: 2024-04-24T19:15:46.723
Modified: 2024-11-21T08:52:26.293
Link: CVE-2024-20353
Redhat
No data.