PT-2024-7457 · Cisco · Cisco ASA, Cisco FTD

X.B · Published 2024-10-23 · Updated 2025-08-01 · CVE-2024-20408

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:
Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description: The issue is related to improper validation of data in HTTPS POST requests to the Dynamic Access Policies (DAP) feature. An attacker with valid remote access VPN user credentials could exploit this by sending a crafted HTTPS POST request, potentially causing the device to reload and resulting in a denial of service (DoS) condition.

Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that fixes the improper validation of data in HTTPS POST requests. For Cisco Firepower Threat Defense (FTD) Software, update to a version that fixes the improper validation of data in HTTPS POST requests. As a temporary workaround, consider restricting access to the DAP feature until a patch is available.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2024-08837
CVE-2024-20408

Affected Products

Cisco ASA
Cisco FTD