Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-20481
CVE-2024-20481:
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation
Overview
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. The vulnerability (CVE-2024-20481) was disclosed on October 23, 2024, and affects Cisco ASA and FTD Software systems with RAVPN service enabled (Cisco Advisory).
Technical details
The vulnerability is due to resource exhaustion (CWE-772) and has been assigned a CVSS base score of 5.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L. The vulnerability specifically affects the RAVPN service when enabled on Cisco ASA or FTD Software systems. To determine if SSL VPN is enabled, administrators can use the 'show running-config webvpn | include ^ enable' command on the device CLI (Cisco Advisory).
Impact
A successful exploit could allow the attacker to exhaust resources, resulting in a denial of service (DoS) of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected by this vulnerability (Cisco Advisory).
Mitigation and workarounds
Cisco has released software updates that address this vulnerability. There are no workarounds available that address this vulnerability directly. However, there are mitigations outlined in the Recommendations Against Password Spray Attacks Aimed at Remote Access VPN Services in Secure Firewall TechNote. Customers should determine the applicability and effectiveness of these mitigations in their own environment (Cisco Advisory).
Community reactions
Cisco Talos has discussed these attacks in relation to large-scale brute-force activity targeting VPNs and SSH services with commonly used login credentials. The vulnerability has gained significant attention due to its inclusion in CISA's Known Exploited Vulnerabilities Catalog, highlighting its active exploitation in the wild (Cisco Advisory, CISA KEV).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management