CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 14, 2024

CVE-2024-20481

High

EPSS 11.1%CISA KEV

Cisco/Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

Description

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.

EPSS — Exploit Probability

11.1%

Higher than 93.4% of all CVEs

Required Action

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 11.1%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Oct 24, 2024

Added to KEV

Oct 24, 2024

Remediation Due

Nov 14, 2024

Affected Product

Cisco

Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

View all Cisco CVEs

External Links

NVD (NIST)CVE Details MITRE CVE