Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20384

A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.

Published

2024-10-23T18:15:07.030

Last Modified

2025-08-01T16:02:16.727

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-290

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	adaptive_security_appliance_software	9.16.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.1.28	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.2.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.2.7	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.2.11	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.2.13	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.2.14	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.3.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.3.14	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.3.15	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.3.19	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.3.23	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.9	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.14	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.18	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.19	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.27	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.38	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.39	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.42	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.48	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.55	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.57	Yes
Operating System	cisco	adaptive_security_appliance_software	9.16.4.61	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.7	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.9	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.11	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.13	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.15	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.20	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.30	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.33	Yes
Operating System	cisco	adaptive_security_appliance_software	9.17.1.39	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.1.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.2.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.2.7	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.2.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.3.39	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.3.46	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.3.53	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.3.55	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.3.56	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.4.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.4.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.4.22	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.4.24	Yes
Operating System	cisco	adaptive_security_appliance_software	9.18.4.29	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.9	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.12	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.18	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.22	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.24	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.27	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.28	Yes
Operating System	cisco	adaptive_security_appliance_software	9.19.1.31	Yes
Operating System	cisco	adaptive_security_appliance_software	9.20.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.20.1.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.20.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.20.2.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.20.2.21	Yes
Operating System	cisco	adaptive_security_appliance_software	9.20.2.22	Yes
Application	cisco	firepower_threat_defense	7.0.0	Yes
Application	cisco	firepower_threat_defense	7.0.0.1	Yes
Application	cisco	firepower_threat_defense	7.0.1	Yes
Application	cisco	firepower_threat_defense	7.0.1.1	Yes
Application	cisco	firepower_threat_defense	7.0.2	Yes
Application	cisco	firepower_threat_defense	7.0.2.1	Yes
Application	cisco	firepower_threat_defense	7.0.3	Yes
Application	cisco	firepower_threat_defense	7.0.4	Yes
Application	cisco	firepower_threat_defense	7.0.5	Yes
Application	cisco	firepower_threat_defense	7.0.6	Yes
Application	cisco	firepower_threat_defense	7.0.6.1	Yes
Application	cisco	firepower_threat_defense	7.0.6.2	Yes
Application	cisco	firepower_threat_defense	7.1.0	Yes
Application	cisco	firepower_threat_defense	7.1.0.1	Yes
Application	cisco	firepower_threat_defense	7.1.0.2	Yes
Application	cisco	firepower_threat_defense	7.1.0.3	Yes
Application	cisco	firepower_threat_defense	7.2.0	Yes
Application	cisco	firepower_threat_defense	7.2.0.1	Yes
Application	cisco	firepower_threat_defense	7.2.1	Yes
Application	cisco	firepower_threat_defense	7.2.2	Yes
Application	cisco	firepower_threat_defense	7.2.3	Yes
Application	cisco	firepower_threat_defense	7.2.4	Yes
Application	cisco	firepower_threat_defense	7.2.4.1	Yes
Application	cisco	firepower_threat_defense	7.2.5	Yes
Application	cisco	firepower_threat_defense	7.2.5.1	Yes
Application	cisco	firepower_threat_defense	7.2.5.2	Yes
Application	cisco	firepower_threat_defense	7.2.6	Yes
Application	cisco	firepower_threat_defense	7.2.7	Yes
Application	cisco	firepower_threat_defense	7.2.8	Yes
Application	cisco	firepower_threat_defense	7.2.8.1	Yes
Application	cisco	firepower_threat_defense	7.3.0	Yes
Application	cisco	firepower_threat_defense	7.3.1	Yes
Application	cisco	firepower_threat_defense	7.3.1.1	Yes
Application	cisco	firepower_threat_defense	7.3.1.2	Yes
Application	cisco	firepower_threat_defense	7.4.0	Yes
Application	cisco	firepower_threat_defense	7.4.1	Yes
Application	cisco	firepower_threat_defense	7.4.1.1	Yes
Application	cisco	firepower_threat_defense	7.4.2	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nsgacl-bypass-77XnEAsL Vendor Advisory ([email protected])