← Back

CVE-2024-20261

nvd nist
Published: May 22, 2024Modified: Jul 30, 2025

JSON object

Loading...
5.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device.

Affected (73)

Cisco
1 product
Firepower Threat Defense
Configuration A
73 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Firepower Threat Defense
Version 6.2.3.10
Firepower Threat Defense
Version 6.2.3.11
Firepower Threat Defense
Version 6.2.3.12
Firepower Threat Defense
Version 6.2.3.13
Firepower Threat Defense
Version 6.2.3.14
Firepower Threat Defense
Version 6.2.3.15
Firepower Threat Defense
Version 6.2.3.16
Firepower Threat Defense
Version 6.2.3.17
Firepower Threat Defense
Version 6.2.3.18
Firepower Threat Defense
Version 6.2.3.1
Firepower Threat Defense
Version 6.2.3.2
Firepower Threat Defense
Version 6.2.3.3
Firepower Threat Defense
Version 6.2.3.4
Firepower Threat Defense
Version 6.2.3.5
Firepower Threat Defense
Version 6.2.3.6
Firepower Threat Defense
Version 6.2.3.7
Firepower Threat Defense
Version 6.2.3.8
Firepower Threat Defense
Version 6.2.3.9
Firepower Threat Defense
Version 6.2.3
Firepower Threat Defense
Version 6.4.0.10
Firepower Threat Defense
Version 6.4.0.11
Firepower Threat Defense
Version 6.4.0.12
Firepower Threat Defense
Version 6.4.0.13
Firepower Threat Defense
Version 6.4.0.14
Firepower Threat Defense
Version 6.4.0.15
Firepower Threat Defense
Version 6.4.0.16
Firepower Threat Defense
Version 6.4.0.1
Firepower Threat Defense
Version 6.4.0.2
Firepower Threat Defense
Version 6.4.0.3
Firepower Threat Defense
Version 6.4.0.4
Firepower Threat Defense
Version 6.4.0.5
Firepower Threat Defense
Version 6.4.0.6
Firepower Threat Defense
Version 6.4.0.7
Firepower Threat Defense
Version 6.4.0.8
Firepower Threat Defense
Version 6.4.0.9
Firepower Threat Defense
Version 6.4.0
Firepower Threat Defense
Version 6.6.0.1
Firepower Threat Defense
Version 6.6.0
Firepower Threat Defense
Version 6.6.1
Firepower Threat Defense
Version 6.6.3
Firepower Threat Defense
Version 6.6.4
Firepower Threat Defense
Version 6.6.5.1
Firepower Threat Defense
Version 6.6.5.2
Firepower Threat Defense
Version 6.6.5
Firepower Threat Defense
Version 6.6.7.1
Firepower Threat Defense
Version 6.6.7.2
Firepower Threat Defense
Version 6.6.7
Firepower Threat Defense
Version 6.7.0.1
Firepower Threat Defense
Version 6.7.0.2
Firepower Threat Defense
Version 6.7.0.3
Firepower Threat Defense
Version 6.7.0
Firepower Threat Defense
Version 7.0.0.1
Firepower Threat Defense
Version 7.0.0
Firepower Threat Defense
Version 7.0.1.1
Firepower Threat Defense
Version 7.0.1
Firepower Threat Defense
Version 7.0.2.1
Firepower Threat Defense
Version 7.0.2
Firepower Threat Defense
Version 7.0.3
Firepower Threat Defense
Version 7.0.4
Firepower Threat Defense
Version 7.0.5
Firepower Threat Defense
Version 7.1.0.1
Firepower Threat Defense
Version 7.1.0.3
Firepower Threat Defense
Version 7.1.0
Firepower Threat Defense
Version 7.2.0.1
Firepower Threat Defense
Version 7.2.0
Firepower Threat Defense
Version 7.2.1
Firepower Threat Defense
Version 7.2.2
Firepower Threat Defense
Version 7.2.3
Firepower Threat Defense
Version 7.2.4
Firepower Threat Defense
Version 7.3.0
Firepower Threat Defense
Version 7.3.1.1
Firepower Threat Defense
Version 7.3.1.2
Firepower Threat Defense
Version 7.3.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.