CVE-2024-20407
MEDIUMDescription
A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability. This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device.
Is your site exposed to CVE-2024-20407?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
References
Frequently Asked Questions
What is CVE-2024-20407? +
How severe is CVE-2024-20407? +
What products are affected by CVE-2024-20407? +
How do I check if I'm vulnerable to CVE-2024-20407? +
Related Vulnerabilities
A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, …
IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could …
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of …
Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.
DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles …