CVE-2024-20268

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description: The issue is related to insufficient input validation of SNMP packets, which could allow an authenticated, remote attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. This affects all versions of SNMP (versions 1, 2c, and 3) and requires a valid SNMP community string or valid SNMPv3 user credentials. An attacker could exploit this by sending a crafted SNMP request to an affected device using IPv4 or IPv6.

Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, consider disabling the SNMP feature until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, restrict access to the SNMP protocol to minimize the risk of exploitation. As a temporary workaround, avoid using the SNMP community string or SNMPv3 user credentials in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.