PT-2024-9138 · Cisco · Cisco ASA, Cisco FTD

Published: 2024-10-23 · Updated: 2025-08-01 · CVE-2024-20299

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)
Description: The vulnerability stems from a logic error in how group access control lists (ACLs) are populated when an AnyConnect client establishes a new session. An unauthenticated, remote attacker could bypass existing security restrictions by spoofing, potentially allowing traffic that should be denied to pass through an affected device. The attacker could exploit this by establishing an AnyConnect connection to the affected device, thereby bypassing the configured ACL rules.
Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for this issue. For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the AnyConnect connection feature until a patch is available.

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

BDU:2024-10825
CVE-2024-20299

Affected Products

Cisco ASA
Cisco FTD