CVE-2024-20299

Severity: MEDIUM · EPSS 37.0%
CVSS 3.1 base score: 5.8 (Medium)
Published Oct 23, 2024 · Last Modified Jun 17, 2026

Description

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.

CVSS Details

Base Score: 5.8
Exploitability: 3.9
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 37.0% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-290

Affected Products 225

Vendor | Product | Version | Range
cisco | adaptive_security_appliance_software | 9.8.1 | any
cisco | adaptive_security_appliance_software | 9.8.1.5 | any
cisco | adaptive_security_appliance_software | 9.8.1.7 | any
cisco | adaptive_security_appliance_software | 9.8.2 | any
cisco | adaptive_security_appliance_software | 9.8.2.8 | any
cisco | adaptive_security_appliance_software | 9.8.2.14 | any
cisco | adaptive_security_appliance_software | 9.8.2.15 | any
cisco | adaptive_security_appliance_software | 9.8.2.17 | any
cisco | adaptive_security_appliance_software | 9.8.2.20 | any
cisco | adaptive_security_appliance_software | 9.8.2.24 | any
cisco | adaptive_security_appliance_software | 9.8.2.26 | any
cisco | adaptive_security_appliance_software | 9.8.2.28 | any
cisco | adaptive_security_appliance_software | 9.8.2.33 | any
cisco | adaptive_security_appliance_software | 9.8.2.35 | any
cisco | adaptive_security_appliance_software | 9.8.2.38 | any
cisco | adaptive_security_appliance_software | 9.8.2.45 | any
cisco | adaptive_security_appliance_software | 9.8.3 | any
cisco | adaptive_security_appliance_software | 9.8.3.8 | any
cisco | adaptive_security_appliance_software | 9.8.3.11 | any
cisco | adaptive_security_appliance_software | 9.8.3.14 | any
cisco | adaptive_security_appliance_software | 9.8.3.16 | any
cisco | adaptive_security_appliance_software | 9.8.3.18 | any
cisco | adaptive_security_appliance_software | 9.8.3.21 | any
cisco | adaptive_security_appliance_software | 9.8.3.26 | any
cisco | adaptive_security_appliance_software | 9.8.3.29 | any
cisco | adaptive_security_appliance_software | 9.8.4 | any
cisco | adaptive_security_appliance_software | 9.8.4.3 | any
cisco | adaptive_security_appliance_software | 9.8.4.7 | any
cisco | adaptive_security_appliance_software | 9.8.4.8 | any
cisco | adaptive_security_appliance_software | 9.8.4.10 | any
cisco | adaptive_security_appliance_software | 9.8.4.12 | any
cisco | adaptive_security_appliance_software | 9.8.4.15 | any
cisco | adaptive_security_appliance_software | 9.8.4.17 | any
cisco | adaptive_security_appliance_software | 9.8.4.20 | any
cisco | adaptive_security_appliance_software | 9.8.4.22 | any
cisco | adaptive_security_appliance_software | 9.8.4.25 | any
cisco | adaptive_security_appliance_software | 9.8.4.26 | any
cisco | adaptive_security_appliance_software | 9.8.4.29 | any
cisco | adaptive_security_appliance_software | 9.8.4.32 | any
cisco | adaptive_security_appliance_software | 9.8.4.33 | any
cisco | adaptive_security_appliance_software | 9.8.4.34 | any
cisco | adaptive_security_appliance_software | 9.8.4.35 | any
cisco | adaptive_security_appliance_software | 9.8.4.39 | any
cisco | adaptive_security_appliance_software | 9.8.4.40 | any
cisco | adaptive_security_appliance_software | 9.8.4.41 | any
cisco | adaptive_security_appliance_software | 9.8.4.43 | any
cisco | adaptive_security_appliance_software | 9.8.4.44 | any
cisco | adaptive_security_appliance_software | 9.8.4.45 | any
cisco | adaptive_security_appliance_software | 9.8.4.46 | any
cisco | adaptive_security_appliance_software | 9.8.4.48 | any
cisco | adaptive_security_appliance_software | 9.12.1 | any
cisco | adaptive_security_appliance_software | 9.12.1.2 | any
cisco | adaptive_security_appliance_software | 9.12.1.3 | any
cisco | adaptive_security_appliance_software | 9.12.2 | any
cisco | adaptive_security_appliance_software | 9.12.2.1 | any
cisco | adaptive_security_appliance_software | 9.12.2.4 | any
cisco | adaptive_security_appliance_software | 9.12.2.5 | any
cisco | adaptive_security_appliance_software | 9.12.2.9 | any
cisco | adaptive_security_appliance_software | 9.12.3 | any
cisco | adaptive_security_appliance_software | 9.12.3.2 | any
cisco | adaptive_security_appliance_software | 9.12.3.7 | any
cisco | adaptive_security_appliance_software | 9.12.3.9 | any
cisco | adaptive_security_appliance_software | 9.12.3.12 | any
cisco | adaptive_security_appliance_software | 9.12.4 | any
cisco | adaptive_security_appliance_software | 9.12.4.2 | any
cisco | adaptive_security_appliance_software | 9.12.4.4 | any
cisco | adaptive_security_appliance_software | 9.12.4.7 | any
cisco | adaptive_security_appliance_software | 9.12.4.8 | any
cisco | adaptive_security_appliance_software | 9.12.4.10 | any
cisco | adaptive_security_appliance_software | 9.12.4.13 | any
cisco | adaptive_security_appliance_software | 9.12.4.18 | any
cisco | adaptive_security_appliance_software | 9.12.4.24 | any
cisco | adaptive_security_appliance_software | 9.12.4.26 | any
cisco | adaptive_security_appliance_software | 9.12.4.29 | any
cisco | adaptive_security_appliance_software | 9.12.4.30 | any
cisco | adaptive_security_appliance_software | 9.12.4.35 | any
cisco | adaptive_security_appliance_software | 9.12.4.37 | any
cisco | adaptive_security_appliance_software | 9.12.4.38 | any
cisco | adaptive_security_appliance_software | 9.12.4.39 | any
cisco | adaptive_security_appliance_software | 9.12.4.40 | any
cisco | adaptive_security_appliance_software | 9.12.4.41 | any
cisco | adaptive_security_appliance_software | 9.12.4.47 | any
cisco | adaptive_security_appliance_software | 9.12.4.48 | any
cisco | adaptive_security_appliance_software | 9.12.4.50 | any
cisco | adaptive_security_appliance_software | 9.12.4.52 | any
cisco | adaptive_security_appliance_software | 9.12.4.54 | any
cisco | adaptive_security_appliance_software | 9.12.4.55 | any
cisco | adaptive_security_appliance_software | 9.14.1 | any
cisco | adaptive_security_appliance_software | 9.14.1.6 | any
cisco | adaptive_security_appliance_software | 9.14.1.10 | any
cisco | adaptive_security_appliance_software | 9.14.1.15 | any
cisco | adaptive_security_appliance_software | 9.14.1.19 | any
cisco | adaptive_security_appliance_software | 9.14.1.30 | any
cisco | adaptive_security_appliance_software | 9.14.2 | any
cisco | adaptive_security_appliance_software | 9.14.2.4 | any
cisco | adaptive_security_appliance_software | 9.14.2.8 | any
cisco | adaptive_security_appliance_software | 9.14.2.13 | any
cisco | adaptive_security_appliance_software | 9.14.2.15 | any
cisco | adaptive_security_appliance_software | 9.14.3 | any
cisco | adaptive_security_appliance_software | 9.14.3.1 | any
cisco | adaptive_security_appliance_software | 9.14.3.9 | any
cisco | adaptive_security_appliance_software | 9.14.3.11 | any
cisco | adaptive_security_appliance_software | 9.14.3.13 | any
cisco | adaptive_security_appliance_software | 9.14.3.15 | any
cisco | adaptive_security_appliance_software | 9.14.3.18 | any
cisco | adaptive_security_appliance_software | 9.14.4 | any
cisco | adaptive_security_appliance_software | 9.14.4.6 | any
cisco | adaptive_security_appliance_software | 9.14.4.7 | any
cisco | adaptive_security_appliance_software | 9.14.4.12 | any
cisco | adaptive_security_appliance_software | 9.14.4.13 | any
cisco | adaptive_security_appliance_software | 9.14.4.14 | any
cisco | adaptive_security_appliance_software | 9.14.4.15 | any
cisco | adaptive_security_appliance_software | 9.14.4.17 | any
cisco | adaptive_security_appliance_software | 9.15.1 | any
cisco | adaptive_security_appliance_software | 9.15.1.1 | any
cisco | adaptive_security_appliance_software | 9.15.1.7 | any
cisco | adaptive_security_appliance_software | 9.15.1.10 | any
cisco | adaptive_security_appliance_software | 9.15.1.15 | any
cisco | adaptive_security_appliance_software | 9.15.1.16 | any
cisco | adaptive_security_appliance_software | 9.15.1.17 | any
cisco | adaptive_security_appliance_software | 9.15.1.21 | any
cisco | adaptive_security_appliance_software | 9.16.1 | any
cisco | adaptive_security_appliance_software | 9.16.1.28 | any
cisco | adaptive_security_appliance_software | 9.16.2 | any
cisco | adaptive_security_appliance_software | 9.16.2.3 | any
cisco | adaptive_security_appliance_software | 9.16.2.7 | any
cisco | adaptive_security_appliance_software | 9.16.2.11 | any
cisco | adaptive_security_appliance_software | 9.16.2.13 | any
cisco | adaptive_security_appliance_software | 9.16.2.14 | any
cisco | adaptive_security_appliance_software | 9.16.3 | any
cisco | adaptive_security_appliance_software | 9.16.3.3 | any
cisco | adaptive_security_appliance_software | 9.16.3.14 | any
cisco | adaptive_security_appliance_software | 9.16.3.15 | any
cisco | adaptive_security_appliance_software | 9.16.3.19 | any
cisco | adaptive_security_appliance_software | 9.16.3.23 | any
cisco | adaptive_security_appliance_software | 9.16.4 | any
cisco | adaptive_security_appliance_software | 9.16.4.9 | any
cisco | adaptive_security_appliance_software | 9.17.1 | any
cisco | adaptive_security_appliance_software | 9.17.1.7 | any
cisco | adaptive_security_appliance_software | 9.17.1.9 | any
cisco | adaptive_security_appliance_software | 9.17.1.10 | any
cisco | adaptive_security_appliance_software | 9.17.1.11 | any
cisco | adaptive_security_appliance_software | 9.17.1.13 | any
cisco | adaptive_security_appliance_software | 9.17.1.15 | any
cisco | adaptive_security_appliance_software | 9.17.1.20 | any
cisco | adaptive_security_appliance_software | 9.18.1 | any
cisco | adaptive_security_appliance_software | 9.18.1.3 | any
cisco | adaptive_security_appliance_software | 9.18.2 | any
cisco | adaptive_security_appliance_software | 9.18.2.5 | any
cisco | adaptive_security_appliance_software | 9.18.2.7 | any
cisco | adaptive_security_appliance_software | 9.18.2.8 | any
cisco | adaptive_security_appliance_software | 9.19.1 | any
cisco | firepower_threat_defense | 6.2.3 | any
cisco | firepower_threat_defense | 6.2.3.1 | any
cisco | firepower_threat_defense | 6.2.3.2 | any
cisco | firepower_threat_defense | 6.2.3.3 | any
cisco | firepower_threat_defense | 6.2.3.4 | any
cisco | firepower_threat_defense | 6.2.3.5 | any
cisco | firepower_threat_defense | 6.2.3.6 | any
cisco | firepower_threat_defense | 6.2.3.7 | any
cisco | firepower_threat_defense | 6.2.3.8 | any
cisco | firepower_threat_defense | 6.2.3.9 | any
cisco | firepower_threat_defense | 6.2.3.10 | any
cisco | firepower_threat_defense | 6.2.3.11 | any
cisco | firepower_threat_defense | 6.2.3.12 | any
cisco | firepower_threat_defense | 6.2.3.13 | any
cisco | firepower_threat_defense | 6.2.3.14 | any
cisco | firepower_threat_defense | 6.2.3.15 | any
cisco | firepower_threat_defense | 6.2.3.16 | any
cisco | firepower_threat_defense | 6.2.3.17 | any
cisco | firepower_threat_defense | 6.2.3.18 | any
cisco | firepower_threat_defense | 6.4.0 | any
cisco | firepower_threat_defense | 6.4.0.1 | any
cisco | firepower_threat_defense | 6.4.0.2 | any
cisco | firepower_threat_defense | 6.4.0.3 | any
cisco | firepower_threat_defense | 6.4.0.4 | any
cisco | firepower_threat_defense | 6.4.0.5 | any
cisco | firepower_threat_defense | 6.4.0.6 | any
cisco | firepower_threat_defense | 6.4.0.7 | any
cisco | firepower_threat_defense | 6.4.0.8 | any
cisco | firepower_threat_defense | 6.4.0.9 | any
cisco | firepower_threat_defense | 6.4.0.10 | any
cisco | firepower_threat_defense | 6.4.0.11 | any
cisco | firepower_threat_defense | 6.4.0.12 | any
cisco | firepower_threat_defense | 6.4.0.13 | any
cisco | firepower_threat_defense | 6.4.0.14 | any
cisco | firepower_threat_defense | 6.4.0.15 | any
cisco | firepower_threat_defense | 6.4.0.16 | any
cisco | firepower_threat_defense | 6.6.0 | any
cisco | firepower_threat_defense | 6.6.0.1 | any
cisco | firepower_threat_defense | 6.6.1 | any
cisco | firepower_threat_defense | 6.6.3 | any
cisco | firepower_threat_defense | 6.6.4 | any
cisco | firepower_threat_defense | 6.6.5 | any
cisco | firepower_threat_defense | 6.6.5.1 | any
cisco | firepower_threat_defense | 6.6.5.2 | any
cisco | firepower_threat_defense | 6.6.7 | any
cisco | firepower_threat_defense | 6.6.7.1 | any
cisco | firepower_threat_defense | 6.6.7.2 | any
cisco | firepower_threat_defense | 6.7.0 | any
cisco | firepower_threat_defense | 6.7.0.1 | any
cisco | firepower_threat_defense | 6.7.0.2 | any
cisco | firepower_threat_defense | 6.7.0.3 | any
cisco | firepower_threat_defense | 7.0.0 | any
cisco | firepower_threat_defense | 7.0.0.1 | any
cisco | firepower_threat_defense | 7.0.1 | any
cisco | firepower_threat_defense | 7.0.1.1 | any
cisco | firepower_threat_defense | 7.0.2 | any
cisco | firepower_threat_defense | 7.0.2.1 | any
cisco | firepower_threat_defense | 7.0.3 | any
cisco | firepower_threat_defense | 7.0.4 | any
cisco | firepower_threat_defense | 7.0.5 | any
cisco | firepower_threat_defense | 7.1.0 | any
cisco | firepower_threat_defense | 7.1.0.1 | any
cisco | firepower_threat_defense | 7.1.0.2 | any
cisco | firepower_threat_defense | 7.1.0.3 | any
cisco | firepower_threat_defense | 7.2.0 | any
cisco | firepower_threat_defense | 7.2.0.1 | any
cisco | firepower_threat_defense | 7.2.1 | any
cisco | firepower_threat_defense | 7.2.2 | any
cisco | firepower_threat_defense | 7.2.3 | any
cisco | firepower_threat_defense | 7.3.0 | any
cisco | firepower_threat_defense | 7.3.1 | any
cisco | firepower_threat_defense | 7.3.1.1 | any
cisco | firepower_threat_defense | 7.3.1.2 | any

References 3

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf
    Vendor Advisory
  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO
    Broken Link
  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.