NVD disclosure day

Published threat advisories for April 24, 2024

CVE advisoryKnown Exploit

CVE-2024-20359

Cisco ASA and FTD: Local Code Execution Risk via File Manipulation.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software contain a vulnerability allowing an authenticated local attacker with administrator privileges to execute arbitrary code. This could alter system behavior and persist across reboots, posing a significant business risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2024-20353

Cisco ASA and FTD Web Server Denial of Service Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Cisco ASA and FTD software contain a vulnerability that allows an unauthenticated remote attacker to cause a denial of service by sending a crafted HTTP request. This could disrupt network operations and impact service availability. Organizations should identify and mitigate exposure to affected devices.

NVD published: • CISA KEV