CVE-2024-20384
MEDIUM EPSS 35.0%
Published Oct 23, 20241y ago · Modified Jun 17, 20262w ago
5.8 CVSS 3.1
Published Oct 23, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
35.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-290
Affected Products 110
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 9.16.1 | any |
| cisco | adaptive_security_appliance_software | 9.16.1.28 | any |
| cisco | adaptive_security_appliance_software | 9.16.2 | any |
| cisco | adaptive_security_appliance_software | 9.16.2.3 | any |
| cisco | adaptive_security_appliance_software | 9.16.2.7 | any |
| cisco | adaptive_security_appliance_software | 9.16.2.11 | any |
| cisco | adaptive_security_appliance_software | 9.16.2.13 | any |
| cisco | adaptive_security_appliance_software | 9.16.2.14 | any |
| cisco | adaptive_security_appliance_software | 9.16.3 | any |
| cisco | adaptive_security_appliance_software | 9.16.3.3 | any |
| cisco | adaptive_security_appliance_software | 9.16.3.14 | any |
| cisco | adaptive_security_appliance_software | 9.16.3.15 | any |
| cisco | adaptive_security_appliance_software | 9.16.3.19 | any |
| cisco | adaptive_security_appliance_software | 9.16.3.23 | any |
| cisco | adaptive_security_appliance_software | 9.16.4 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.9 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.14 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.18 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.19 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.27 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.38 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.39 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.42 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.48 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.55 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.57 | any |
| cisco | adaptive_security_appliance_software | 9.16.4.61 | any |
| cisco | adaptive_security_appliance_software | 9.17.1 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.7 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.9 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.10 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.11 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.13 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.15 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.20 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.30 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.33 | any |
| cisco | adaptive_security_appliance_software | 9.17.1.39 | any |
| cisco | adaptive_security_appliance_software | 9.18.1 | any |
| cisco | adaptive_security_appliance_software | 9.18.1.3 | any |
| cisco | adaptive_security_appliance_software | 9.18.2 | any |
| cisco | adaptive_security_appliance_software | 9.18.2.5 | any |
| cisco | adaptive_security_appliance_software | 9.18.2.7 | any |
| cisco | adaptive_security_appliance_software | 9.18.2.8 | any |
| cisco | adaptive_security_appliance_software | 9.18.3 | any |
| cisco | adaptive_security_appliance_software | 9.18.3.39 | any |
| cisco | adaptive_security_appliance_software | 9.18.3.46 | any |
| cisco | adaptive_security_appliance_software | 9.18.3.53 | any |
| cisco | adaptive_security_appliance_software | 9.18.3.55 | any |
| cisco | adaptive_security_appliance_software | 9.18.3.56 | any |
| cisco | adaptive_security_appliance_software | 9.18.4 | any |
| cisco | adaptive_security_appliance_software | 9.18.4.5 | any |
| cisco | adaptive_security_appliance_software | 9.18.4.8 | any |
| cisco | adaptive_security_appliance_software | 9.18.4.22 | any |
| cisco | adaptive_security_appliance_software | 9.18.4.24 | any |
| cisco | adaptive_security_appliance_software | 9.18.4.29 | any |
| cisco | adaptive_security_appliance_software | 9.19.1 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.5 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.9 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.12 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.18 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.22 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.24 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.27 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.28 | any |
| cisco | adaptive_security_appliance_software | 9.19.1.31 | any |
| cisco | adaptive_security_appliance_software | 9.20.1 | any |
| cisco | adaptive_security_appliance_software | 9.20.1.5 | any |
| cisco | adaptive_security_appliance_software | 9.20.2 | any |
| cisco | adaptive_security_appliance_software | 9.20.2.10 | any |
| cisco | adaptive_security_appliance_software | 9.20.2.21 | any |
| cisco | adaptive_security_appliance_software | 9.20.2.22 | any |
| cisco | firepower_threat_defense | 7.0.0 | any |
| cisco | firepower_threat_defense | 7.0.0.1 | any |
| cisco | firepower_threat_defense | 7.0.1 | any |
| cisco | firepower_threat_defense | 7.0.1.1 | any |
| cisco | firepower_threat_defense | 7.0.2 | any |
| cisco | firepower_threat_defense | 7.0.2.1 | any |
| cisco | firepower_threat_defense | 7.0.3 | any |
| cisco | firepower_threat_defense | 7.0.4 | any |
| cisco | firepower_threat_defense | 7.0.5 | any |
| cisco | firepower_threat_defense | 7.0.6 | any |
| cisco | firepower_threat_defense | 7.0.6.1 | any |
| cisco | firepower_threat_defense | 7.0.6.2 | any |
| cisco | firepower_threat_defense | 7.1.0 | any |
| cisco | firepower_threat_defense | 7.1.0.1 | any |
| cisco | firepower_threat_defense | 7.1.0.2 | any |
| cisco | firepower_threat_defense | 7.1.0.3 | any |
| cisco | firepower_threat_defense | 7.2.0 | any |
| cisco | firepower_threat_defense | 7.2.0.1 | any |
| cisco | firepower_threat_defense | 7.2.1 | any |
| cisco | firepower_threat_defense | 7.2.2 | any |
| cisco | firepower_threat_defense | 7.2.3 | any |
| cisco | firepower_threat_defense | 7.2.4 | any |
| cisco | firepower_threat_defense | 7.2.4.1 | any |
| cisco | firepower_threat_defense | 7.2.5 | any |
| cisco | firepower_threat_defense | 7.2.5.1 | any |
| cisco | firepower_threat_defense | 7.2.5.2 | any |
| cisco | firepower_threat_defense | 7.2.6 | any |
| cisco | firepower_threat_defense | 7.2.7 | any |
| cisco | firepower_threat_defense | 7.2.8 | any |
| cisco | firepower_threat_defense | 7.2.8.1 | any |
| cisco | firepower_threat_defense | 7.3.0 | any |
| cisco | firepower_threat_defense | 7.3.1 | any |
| cisco | firepower_threat_defense | 7.3.1.1 | any |
| cisco | firepower_threat_defense | 7.3.1.2 | any |
| cisco | firepower_threat_defense | 7.4.0 | any |
| cisco | firepower_threat_defense | 7.4.1 | any |
| cisco | firepower_threat_defense | 7.4.1.1 | any |
| cisco | firepower_threat_defense | 7.4.2 | any |
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nsgacl-bypass-77XnEAsL
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.