Vulnerability Change Records for CVE-2024-20261
Change History
New CVE Received from Cisco Systems, Inc. 5/22/2024 1:16:12 PM
Action |
Type |
Old Value |
New Value |
Added |
Description |
|
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device.
|
Added |
CVSS V3.1 |
|
Cisco Systems, Inc. AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
|
Added |
CWE |
|
Cisco Systems, Inc. CWE-284
|
Added |
Reference |
|
Cisco Systems, Inc. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-archive-bypass-z4wQjwcN [No types assigned]
|
|