CVE-2024-20297

high-risk

Published 2024-10-23

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.8/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Adaptive Security Appliance Software

Affected Vendors

Cisco

References (3)

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

Broken Link https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300

/ 100

high-risk

Severity 22/34 · High

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical