CVE-2024-20351: Cisco Firepower Threat Defense Software Snort Firewall Denial of Service Vulnerability
First published: Wed Oct 23 2024(Updated: )
A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Threat Defense |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO
- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-xss-yjj7ZjVq
Frequently Asked Questions
What is the severity of CVE-2024-20351?
CVE-2024-20351 is considered a high severity vulnerability due to its potential to cause denial of service by dropping legitimate network traffic.
How do I fix CVE-2024-20351?
To fix CVE-2024-20351, apply the latest patches and updates provided by Cisco for the Firepower Threat Defense software.
Who is affected by CVE-2024-20351?
CVE-2024-20351 affects users of Cisco Firepower Threat Defense and Cisco FirePOWER Services that utilize the Snort Detection Engine.
Can CVE-2024-20351 be exploited remotely?
Yes, CVE-2024-20351 can be exploited by an unauthenticated remote attacker.
What types of threats does CVE-2024-20351 pose?
CVE-2024-20351 poses a threat of denial of service by disrupting legitimate network traffic handling.
- agent/references
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure firewall threat defense