CVE-2024-20481
CVE-2024-20481 is a medium-severity vulnerability in Cisco Firepower Threat Defense Software with a CVSS 3.x base score of 5.8. It is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming it has been exploited in the wild (added 2024-10-24). The underlying weakness is classified as CWE-772.
Key facts
- Severity: Medium (CVSS 3.x base score 5.8)
- EPSS exploit prediction: 16% (97th percentile)
- Actively exploited: Yes — listed in CISA KEV (added 2024-10-24)
- EU (EUVD) id: EUVD-2024-18196
- EU exploitation: Flagged exploited in the ENISA EU Vulnerability Database (since 2024-10-24)
- Weakness: CWE-772
- Affected product: Cisco Firepower Threat Defense Software
- Published:
- Last modified:
Description
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
Frequently asked questions
- What is CVE-2024-20481?
- A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
- How severe is CVE-2024-20481?
- CVE-2024-20481 has a CVSS 3.x base score of 5.8, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2024-20481 being actively exploited?
- Yes. CVE-2024-20481 is on CISA's Known Exploited Vulnerabilities (KEV) catalog, added on 2024-10-24, which means active exploitation has been confirmed. It should be prioritised for remediation.
- What products are affected by CVE-2024-20481?
- CVE-2024-20481 primarily affects Cisco Firepower Threat Defense Software. In total, 289 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2024-20481?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Because this CVE is known to be actively exploited, treat remediation as urgent — CISA KEV typically sets a short remediation deadline.
- Does CVE-2024-20481 have an EU (EUVD) identifier?
- Yes. CVE-2024-20481 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-18196. It is also flagged as exploited in the EUVD (since 2024-10-24).
- When was CVE-2024-20481 published?
- CVE-2024-20481 was published on 2024-10-23 and last updated on 2026-06-17.
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20481
Affected products (289)
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.2.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense_software:6.6.0.1:*:*:*:*:*:*:*
More vulnerabilities in Cisco Firepower Threat Defense Software
- CVE-2026-20103 — High (CVSS 8.6): A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA)…
- CVE-2026-20101 — High (CVSS 8.6): A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD…
- CVE-2026-20039 — High (CVSS 8.6): A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco…
- CVE-2024-20426 — High (CVSS 8.6): A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security…
- CVE-2024-20351 — High (CVSS 8.6): A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense…
- CVE-2024-20339 — High (CVSS 8.6): A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100…
All CVEs affecting Cisco Firepower Threat Defense Software →
Other CWE-772 vulnerabilities
- CVE-2020-12134 — Critical (CVSS 9.8): Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log.
- CVE-2017-15032 — Critical (CVSS 9.8): ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
- CVE-2017-14138 — Critical (CVSS 9.8): ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in…
- CVE-2017-11641 — Critical (CVSS 9.8): GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick…
- CVE-2020-14339 — High (CVSS 8.8): A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This…
- CVE-2018-19760 — High (CVSS 8.8): cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.