CVE-2024-20297

MEDIUM Year: 2024
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.

Related Vulnerabilities

CVE-2023-20245

MEDIUM
CVSS:5.8(Medium)

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote a...

CWE-2902023

CVE-2023-20256

MEDIUM
CVSS:5.8(Medium)

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote a...

CWE-2902023

CVE-2024-20299

MEDIUM
CVSS:5.8(Medium)

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to byp...

CWE-2902024

CVE-2024-20363

MEDIUM
CVSS:5.8(Medium)

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules o...

CWE-2902024

CVE-2024-20384

MEDIUM
CVSS:5.8(Medium)

A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote ...

CWE-2902024

CVE-2020-27276

MEDIUM
CVSS:5.7(Medium)

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the ...

CWE-2902020