How severe is CVE-2024-20293?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-20293?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2024-20293

MEDIUM Year: 2024

CVSS v3 Score

5.8

Medium

Weakness Type

CWE-436

View all →

Vulnerability Description

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to a logic error that occurs when an ACL changes from inactive to active in the running configuration of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. The reverse condition is also true—traffic that should be permitted could be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. Note: This vulnerability applies to both IPv4 and IPv6 traffic as well as dual-stack ACL configurations in which both IPv4 and IPv6 ACLs are configured on an interface.

CVE-2020-9264

MEDIUM

CVSS:5.5(Medium)

ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Interne...

CWE-4362020

CVE-2020-9342

MEDIUM

CVSS:5.5(Medium)

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Prot...

CWE-4362020

CVE-2020-9399

MEDIUM

CVSS:5.5(Medium)

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.

CWE-4362020

CVE-2023-22998

MEDIUM

CVSS:5.5(Medium)

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an ...

CWE-4362023

CVE-2023-30541

MEDIUM

CVSS:5.3(Medium)

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. ...

CWE-4362023

CVE-2024-3386

MEDIUM

CVSS:5.3(Medium)

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains t...

CWE-4362024

CVE-2024-20293

Vulnerability Description

Related Vulnerabilities

CVE-2020-9264

CVE-2020-9342

CVE-2020-9399

CVE-2023-22998

CVE-2023-30541

CVE-2024-3386