CVE-2024-20339: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2024-20339) was discovered in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series. The vulnerability was disclosed on October 23, 2024, affecting Cisco Firepower 2100 Series Firewalls running vulnerable releases of Cisco FTD Software with a decryption policy configured (Cisco Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS Base Score of 8.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). The issue occurs during TLS traffic processing, specifically when certain TLS traffic is sent over IPv4 through an affected device (Cisco Advisory, NVD).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. When exploited, the attack can cause the device to reload, resulting in a DoS condition that impacts traffic flowing to and through the affected device (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available for this vulnerability. Organizations using affected devices should upgrade to a fixed software version through their usual update channels (Cisco Advisory).