#VU99324 Authentication Bypass by Spoofing in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) - CVE-2024-20299

Cybersecurity Help s.r.o.

Published: 2024-10-24

Vulnerability identifier: #VU99324

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20299

CWE-ID: CWE-290

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware applicances
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. A remote attacker can bypass configured ACL rules.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): 6.2.3 - 6.2.3.18, 6.4.0 - 6.4.0.16, 6.6.0 - 6.6.7.2, 6.7.0 - 6.7.0.3, 7.0.0 - 7.0.5, 7.1.0 - 7.1.0.3, 7.2.0 - 7.2.3, 7.3.0 - 7.3.1.2, 9.8.1 - 9.8.4.48, 9.12.1 - 9.19.1

Cisco Firepower Threat Defense (FTD): 6.2.3 - 6.2.3.18, 6.4.0 - 6.4.0.16, 6.6.0 - 6.6.7.2, 6.7.0 - 6.7.0.3, 7.0.0 - 7.0.5, 7.1.0 - 7.1.0.3, 7.2.0 - 7.2.3, 7.3.0 - 7.3.1.2, 9.8.1 - 9.8.1.7, 9.8.2 - 9.8.2.45, 9.8.3 - 9.8.3.29, 9.8.4 - 9.8.4.48, 9.12.1 - 9.12.1.3, 9.12.2 - 9.12.2.9, 9.12.3 - 9.12.3.12, 9.12.4 - 9.12.4.55, 9.14.1 - 9.14.1.30, 9.14.2 - 9.14.2.15, 9.14.3 - 9.14.3.18, 9.14.4 - 9.14.4.17, 9.15.1 - 9.15.1.21, 9.16.1 - 9.16.1.28, 9.16.2 - 9.16.2.14, 9.16.3 - 9.16.3.23, 9.16.4 - 9.16.4.9, 9.17.1 - 9.17.1.20, 9.18.1 - 9.18.1.3, 9.18.2 - 9.18.2.8, 9.19.1

External links
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense Software