How severe is CVE-2024-20331?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-20331?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2024-20331

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-330

View all →

Vulnerability Description

A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions.

CVE-2013-0294

MEDIUM

CVSS:5.9(Medium)

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute forc...

CWE-3302013

CVE-2018-11045

MEDIUM

CVSS:5.9(Medium)

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance im...

CWE-3302018

CVE-2018-1108

MEDIUM

CVSS:5.9(Medium)

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the...

CWE-3302018

CVE-2018-13280

MEDIUM

CVSS:5.9(Medium)

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sess...

CWE-3302018

CVE-2019-11690

MEDIUM

CVSS:5.9(Medium)

gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boo...

CWE-3302019

CVE-2019-11840

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/c...

CWE-3302019

CVE-2024-20331

Vulnerability Description

Related Vulnerabilities

CVE-2013-0294

CVE-2018-11045

CVE-2018-1108

CVE-2018-13280

CVE-2019-11690

CVE-2019-11840