CVE-2024-20481

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) (affected versions not specified) Cisco Firepower Threat Defense (FTD) (affected versions not specified)

Description A flaw in the Remote Access VPN (RAVPN) service of Cisco ASA and FTD software allows an unauthenticated remote attacker to cause a denial of service (DoS) of the RAVPN service. This issue is caused by resource exhaustion, which occurs when an attacker sends a large volume of VPN authentication requests to a device. Successful exploitation exhausts system resources, potentially requiring a device reload to restore RAVPN functionality. Services unrelated to VPN are not affected. This issue has been associated with large-scale brute-force activity targeting VPNs and SSH services using common login credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.