How severe is CVE-2024-20407?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-20407?

This is classified as CWE-399, which is a common weakness in software security.

CVE-2024-20407

MEDIUM Year: 2024

CVSS v3 Score

5.8

Medium

Weakness Type

CWE-399

View all →

Vulnerability Description

A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability. This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device.

CVE-2017-12311

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it rece...

CWE-3992017

CVE-2017-6613

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to...

CWE-3992017

CVE-2021-1377

MEDIUM

CVSS:5.8(Medium)

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resol...

CWE-3992021

CVE-2016-2116

MEDIUM

CVSS:5.7(Medium)

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG ...

CWE-3992016

CVE-2014-9686

MEDIUM

CVSS:5.9(Medium)

The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googl...

CWE-3992014

CVE-2016-10259

MEDIUM

CVSS:5.9(Medium)

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connect...

CWE-3992016

CVE-2024-20407

Vulnerability Description

Related Vulnerabilities

CVE-2017-12311

CVE-2017-6613

CVE-2021-1377

CVE-2016-2116

CVE-2014-9686

CVE-2016-10259