CVE-2024-20384

MEDIUM EPSS 35.0%
Published Oct 23, 20241y ago · Modified Jun 17, 20262w ago
5.8 CVSS 3.1
Medium
Find Similar
Published Oct 23, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.

CVSS Details

Base Score
5.8
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
35.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-290

Affected Products 110

VendorProductVersionRange
ciscoadaptive_security_appliance_software9.16.1any
ciscoadaptive_security_appliance_software9.16.1.28any
ciscoadaptive_security_appliance_software9.16.2any
ciscoadaptive_security_appliance_software9.16.2.3any
ciscoadaptive_security_appliance_software9.16.2.7any
ciscoadaptive_security_appliance_software9.16.2.11any
ciscoadaptive_security_appliance_software9.16.2.13any
ciscoadaptive_security_appliance_software9.16.2.14any
ciscoadaptive_security_appliance_software9.16.3any
ciscoadaptive_security_appliance_software9.16.3.3any
ciscoadaptive_security_appliance_software9.16.3.14any
ciscoadaptive_security_appliance_software9.16.3.15any
ciscoadaptive_security_appliance_software9.16.3.19any
ciscoadaptive_security_appliance_software9.16.3.23any
ciscoadaptive_security_appliance_software9.16.4any
ciscoadaptive_security_appliance_software9.16.4.9any
ciscoadaptive_security_appliance_software9.16.4.14any
ciscoadaptive_security_appliance_software9.16.4.18any
ciscoadaptive_security_appliance_software9.16.4.19any
ciscoadaptive_security_appliance_software9.16.4.27any
ciscoadaptive_security_appliance_software9.16.4.38any
ciscoadaptive_security_appliance_software9.16.4.39any
ciscoadaptive_security_appliance_software9.16.4.42any
ciscoadaptive_security_appliance_software9.16.4.48any
ciscoadaptive_security_appliance_software9.16.4.55any
ciscoadaptive_security_appliance_software9.16.4.57any
ciscoadaptive_security_appliance_software9.16.4.61any
ciscoadaptive_security_appliance_software9.17.1any
ciscoadaptive_security_appliance_software9.17.1.7any
ciscoadaptive_security_appliance_software9.17.1.9any
ciscoadaptive_security_appliance_software9.17.1.10any
ciscoadaptive_security_appliance_software9.17.1.11any
ciscoadaptive_security_appliance_software9.17.1.13any
ciscoadaptive_security_appliance_software9.17.1.15any
ciscoadaptive_security_appliance_software9.17.1.20any
ciscoadaptive_security_appliance_software9.17.1.30any
ciscoadaptive_security_appliance_software9.17.1.33any
ciscoadaptive_security_appliance_software9.17.1.39any
ciscoadaptive_security_appliance_software9.18.1any
ciscoadaptive_security_appliance_software9.18.1.3any
ciscoadaptive_security_appliance_software9.18.2any
ciscoadaptive_security_appliance_software9.18.2.5any
ciscoadaptive_security_appliance_software9.18.2.7any
ciscoadaptive_security_appliance_software9.18.2.8any
ciscoadaptive_security_appliance_software9.18.3any
ciscoadaptive_security_appliance_software9.18.3.39any
ciscoadaptive_security_appliance_software9.18.3.46any
ciscoadaptive_security_appliance_software9.18.3.53any
ciscoadaptive_security_appliance_software9.18.3.55any
ciscoadaptive_security_appliance_software9.18.3.56any
ciscoadaptive_security_appliance_software9.18.4any
ciscoadaptive_security_appliance_software9.18.4.5any
ciscoadaptive_security_appliance_software9.18.4.8any
ciscoadaptive_security_appliance_software9.18.4.22any
ciscoadaptive_security_appliance_software9.18.4.24any
ciscoadaptive_security_appliance_software9.18.4.29any
ciscoadaptive_security_appliance_software9.19.1any
ciscoadaptive_security_appliance_software9.19.1.5any
ciscoadaptive_security_appliance_software9.19.1.9any
ciscoadaptive_security_appliance_software9.19.1.12any
ciscoadaptive_security_appliance_software9.19.1.18any
ciscoadaptive_security_appliance_software9.19.1.22any
ciscoadaptive_security_appliance_software9.19.1.24any
ciscoadaptive_security_appliance_software9.19.1.27any
ciscoadaptive_security_appliance_software9.19.1.28any
ciscoadaptive_security_appliance_software9.19.1.31any
ciscoadaptive_security_appliance_software9.20.1any
ciscoadaptive_security_appliance_software9.20.1.5any
ciscoadaptive_security_appliance_software9.20.2any
ciscoadaptive_security_appliance_software9.20.2.10any
ciscoadaptive_security_appliance_software9.20.2.21any
ciscoadaptive_security_appliance_software9.20.2.22any
ciscofirepower_threat_defense7.0.0any
ciscofirepower_threat_defense7.0.0.1any
ciscofirepower_threat_defense7.0.1any
ciscofirepower_threat_defense7.0.1.1any
ciscofirepower_threat_defense7.0.2any
ciscofirepower_threat_defense7.0.2.1any
ciscofirepower_threat_defense7.0.3any
ciscofirepower_threat_defense7.0.4any
ciscofirepower_threat_defense7.0.5any
ciscofirepower_threat_defense7.0.6any
ciscofirepower_threat_defense7.0.6.1any
ciscofirepower_threat_defense7.0.6.2any
ciscofirepower_threat_defense7.1.0any
ciscofirepower_threat_defense7.1.0.1any
ciscofirepower_threat_defense7.1.0.2any
ciscofirepower_threat_defense7.1.0.3any
ciscofirepower_threat_defense7.2.0any
ciscofirepower_threat_defense7.2.0.1any
ciscofirepower_threat_defense7.2.1any
ciscofirepower_threat_defense7.2.2any
ciscofirepower_threat_defense7.2.3any
ciscofirepower_threat_defense7.2.4any
ciscofirepower_threat_defense7.2.4.1any
ciscofirepower_threat_defense7.2.5any
ciscofirepower_threat_defense7.2.5.1any
ciscofirepower_threat_defense7.2.5.2any
ciscofirepower_threat_defense7.2.6any
ciscofirepower_threat_defense7.2.7any
ciscofirepower_threat_defense7.2.8any
ciscofirepower_threat_defense7.2.8.1any
ciscofirepower_threat_defense7.3.0any
ciscofirepower_threat_defense7.3.1any
ciscofirepower_threat_defense7.3.1.1any
ciscofirepower_threat_defense7.3.1.2any
ciscofirepower_threat_defense7.4.0any
ciscofirepower_threat_defense7.4.1any
ciscofirepower_threat_defense7.4.1.1any
ciscofirepower_threat_defense7.4.2any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nsgacl-bypass-77XnEAsL
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.