PT-2024-7475 · Cisco · Cisco Asa+1

Jason Crowder · Published 2024-10-23 · Updated 2025-08-15

CVE-2024-20495 · CVSS v3.1: 8.6 (High) · Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified).
Description: The issue stems from insufficient input validation in the Remote Access VPN feature, which could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The root cause is improper validation of client key data after the TLS session has been established: an attacker could exploit this by sending a crafted key value to an affected system over the established TLS session.
Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that fixes the improper validation of client key data. For Cisco Firepower Threat Defense (FTD) Software, update to a version that fixes the improper validation of client key data. As a temporary workaround, consider restricting access to the Remote Access VPN feature until a patch is available.

Tags: Fix, DoS, RCE


Related Identifiers

BDU:2024-08855
CVE-2024-20495

Affected Products

Cisco Asa
Cisco Ftd