How severe is CVE-2024-20261?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-20261?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-20261

MEDIUM Year: 2024

CVSS v3 Score

5.8

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device.

CVE-2018-11456

MEDIUM

CVSS:5.8(Medium)

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine wh...

CWE-2842018

CVE-2019-12627

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensiti...

CWE-2842019

CVE-2019-1686

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass prot...

CWE-2842019

CVE-2020-3312

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive d...

CWE-2842020

CVE-2020-3448

MEDIUM

CVSS:5.8(Medium)

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are runn...

CWE-2842020

CVE-2020-3564

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to by...

CWE-2842020

CVE-2024-20261

Vulnerability Description

Related Vulnerabilities

CVE-2018-11456

CVE-2019-12627

CVE-2019-1686

CVE-2020-3312

CVE-2020-3448

CVE-2020-3564