HIGH✓ PATCH🇬🇧 English

CVE-2023-20244

CVSS 8.6v3.1pub. 2023-11-01upd. 2024-11-21

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Cisco Firepower 2110

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2120

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2130

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2140

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower Threat Defense

    APP
    Cisco
    6.2.36.2.3.16.2.3.106.2.3.116.2.3.126.2.3.136.2.3.146.2.3.156.2.3.166.2.3.176.2.3.186.2.3.26.2.3.36.2.3.46.2.3.5+ 55 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoSFirewall
CWE
Referencje

Powiązane podatności

CVE-2025-20333CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE jako root w Cisco ASA i FTD poprzez podatny serwer VPN web

CVE-2025-20363CRITICAL9.0PL ✓ten sam produkt

RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP

CVE-2024-20412CRITICAL9.3PL ✓ten sam produkt

Cisco FTD: statyczne konta z zakodowanymi hasłami umożliwiają nieautoryzowany dostęp

CVE-2022-20829CRITICAL9.1ten sam produkt

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of...

CVE-2020-3187CRITICAL9.1ten sam produkt

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Fi...

CVE-2023-20244 — HIGH 8.6 | CVEbaza.pl