CVE-2024-20431

EPSS 0.07%
Published 23.10.2024 18:15:10
Last modified 05.11.2024 14:47:55
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy.

 This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version7.0.0

Cisco ≫ Firepower Threat Defense Version7.0.0.1

Cisco ≫ Firepower Threat Defense Version7.0.1

Cisco ≫ Firepower Threat Defense Version7.0.1.1

Cisco ≫ Firepower Threat Defense Version7.0.2

Cisco ≫ Firepower Threat Defense Version7.0.2.1

Cisco ≫ Firepower Threat Defense Version7.0.3

Cisco ≫ Firepower Threat Defense Version7.0.4

Cisco ≫ Firepower Threat Defense Version7.0.5

Cisco ≫ Firepower Threat Defense Version7.0.6

Cisco ≫ Firepower Threat Defense Version7.0.6.1

Cisco ≫ Firepower Threat Defense Version7.1.0

Cisco ≫ Firepower Threat Defense Version7.1.0.1

Cisco ≫ Firepower Threat Defense Version7.1.0.2

Cisco ≫ Firepower Threat Defense Version7.1.0.3

Cisco ≫ Firepower Threat Defense Version7.2.0

Cisco ≫ Firepower Threat Defense Version7.2.0.1

Cisco ≫ Firepower Threat Defense Version7.2.1

Cisco ≫ Firepower Threat Defense Version7.2.2

Cisco ≫ Firepower Threat Defense Version7.2.3

Cisco ≫ Firepower Threat Defense Version7.2.4

Cisco ≫ Firepower Threat Defense Version7.2.4.1

Cisco ≫ Firepower Threat Defense Version7.2.5

Cisco ≫ Firepower Threat Defense Version7.2.5.1

Cisco ≫ Firepower Threat Defense Version7.2.5.2

Cisco ≫ Firepower Threat Defense Version7.3.0

Cisco ≫ Firepower Threat Defense Version7.3.1

Cisco ≫ Firepower Threat Defense Version7.3.1.1

Cisco ≫ Firepower Threat Defense Version7.3.1.2

Cisco ≫ Firepower Threat Defense Version7.4.0

Cisco ≫ Firepower Threat Defense Version7.4.1

Cisco ≫ Firepower Threat Defense Version7.4.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
psirt@cisco.com	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-229 Improper Handling of Values

The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-geoip-bypass-MB4zRDu

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20431

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20431

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20431

EUVD