cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20481,https://securityvulnerability.io/vulnerability/CVE-2024-20481,Cisco RAVPN Vulnerability to DoS Attacks,"A vulnerability has been identified in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This vulnerability enables unauthenticated remote attackers to exploit the RAVPN service through a significant number of VPN authentication requests, leading to resource exhaustion. The resulting denial of service impacts the RAVPN functionality, potentially necessitating a device reload to restore service. Other services on the device remain unaffected by this issue. Detailed insights into these types of attacks are further explored in Cisco Talos' findings regarding large-scale brute-force activities targeting VPNs.",Cisco,"Cisco Adaptive Security Appliance (asa) Software,Cisco Firepower Threat Defense Software",5.8,MEDIUM,0.0018100000452250242,true,2024-10-24T00:00:00.000Z,true,false,true,2024-10-24T00:00:00.000Z,,false,false,,2024-10-23T18:15:00.000Z,0
CVE-2024-20399,https://securityvulnerability.io/vulnerability/CVE-2024-20399,Cisco NX-OS Software Vulnerability: Arbitrary Command Execution as Root,"The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Velvet Ant for network espionage activities. The vulnerability affects a wide range of Cisco Nexus products and requires the attacker to have Administrator credentials. Cisco has released new software to patch the vulnerability and urges IT professionals to apply the update promptly to mitigate the risk. The exploit of this vulnerability allows the attacker to remotely access Nexus devices and execute malicious code, potentially leading to data breaches and further attacks.",Cisco,Cisco Nx-os Software,6.7,MEDIUM,0.0025599999353289604,true,2024-07-02T00:00:00.000Z,true,true,true,2024-07-02T00:00:00.000Z,true,false,false,,2024-07-01T16:11:44.028Z,0
CVE-2024-20353,https://securityvulnerability.io/vulnerability/CVE-2024-20353,Cisco ASA Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the web servers of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software, which may be exploited by an unauthenticated remote attacker. The flaw is attributed to inadequate error checking while processing HTTP headers. By sending a specifically crafted HTTP request to the affected web server on these devices, an attacker can trigger an unexpected device reload, resulting in a denial of service (DoS) condition. This vulnerability highlights the importance of robust input validation in web server configurations to mitigate risks associated with remote exploitation.",Cisco,"Cisco Adaptive Security Appliance (asa) Software,Cisco Firepower Threat Defense Software",8.6,HIGH,0.0017500000540167093,true,2024-04-24T00:00:00.000Z,true,true,true,2024-04-24T00:00:00.000Z,,true,true,2024-04-26T05:52:02.402Z,2024-04-24T18:15:57.646Z,16030
CVE-2024-20359,https://securityvulnerability.io/vulnerability/CVE-2024-20359,Cisco ASA Software Vulnerability Allows Arbitrary Code Execution with Root Privileges,"A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
 This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.",Cisco,"Cisco Adaptive Security Appliance (asa) Software,Cisco Firepower Threat Defense Software",6,MEDIUM,0.0012799999676644802,true,2024-04-24T00:00:00.000Z,true,true,true,2024-04-24T00:00:00.000Z,,false,false,,2024-04-24T18:16:49.769Z,0