CVE-2024-20384
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.1.28 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.2 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.2.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.2.7 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.2.11 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.2.13 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.2.14 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.3.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.3.14 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.3.15 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.3.19 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.3.23 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.9 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.14 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.18 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.19 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.27 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.38 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.39 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.42 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.48 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.55 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.57 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.16.4.61 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.7 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.9 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.10 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.11 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.13 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.15 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.20 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.30 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.33 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.17.1.39 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.1.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2.7 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2.8 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.39 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.46 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.53 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.55 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.56 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.8 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.22 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.24 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.29 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.9 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.12 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.18 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.22 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.24 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.27 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.28 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.31 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.1.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2.10 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2.21 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2.22 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.0.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.1.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.2.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.3 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.4 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.5 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.6 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.6.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.0.6.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.1.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.1.0.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.1.0.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.1.0.3 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.0.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.3 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.4 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.4.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.5 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.5.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.6 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.7 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.5.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.8 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.2.8.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.1.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.1.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.1.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.2 | affected |
Weaknesses
- CWE-290: Authentication Bypass by Spoofing
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.