CVE-2023-20244

8.6 HIGH

📋 TL;DR

An unauthenticated remote attacker can send crafted packets to Cisco Firepower Threat Defense (FTD) Software on Firepower 2100 Series Firewalls, causing a denial of service by depleting memory blocks. This results in traffic loss or device reload, affecting organizations using vulnerable FTD versions.

💻 Affected Systems

Products:
  • Cisco Firepower Threat Defense (FTD) Software
Versions: Multiple versions prior to 7.2.5.1 and 7.4.1
Operating Systems: Cisco FTD OS
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Firepower 2100 Series Firewalls; other FTD platforms may have different vulnerability status.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete traffic disruption requiring manual device reload, potentially causing extended network downtime.

🟠 Likely Case: Traffic loss across the firewall leading to service disruption until the device recovers or is reloaded.

🟢 If Mitigated: Minimal impact if patched or workarounds are implemented; isolated traffic issues if detected early.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing devices prime targets.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit, but requires network access to the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Sending crafted packets requires minimal technical skill.

Exploitation requires sending specific packet sequences to trigger the memory depletion condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FTD 7.2.5.1 and later, 7.4.1 and later

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC

Restart Required: Yes

Instructions:

1. Download the appropriate FTD patch from Cisco.
2. Back up the configuration.
3. Apply the patch via the FTD management interface.
4. Reboot the device as required.

🔧 Temporary Workarounds

Access Control Restrictions

Limit network access to FTD management and inspection interfaces to trusted sources only.

Configure ACLs to restrict traffic to FTD interfaces from authorized IP ranges only.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit exposure to untrusted networks.
  • Monitor device memory usage and logs for signs of memory depletion or unusual packet patterns.

🔍 How to Verify

Check if Vulnerable:

Check FTD version via CLI: 'show version' and compare to affected versions (prior to 7.2.5.1 or 7.4.1).

Check Version:

show version | include Version

Verify Fix Applied:

Confirm version is 7.2.5.1 or later, or 7.4.1 or later using 'show version' command.
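Comparing version strings by hand is error-prone (a plain string compare puts 7.2.10 before 7.2.5). The following is an added example, not part of this advisory or any Cisco tooling: it pulls the version out of a constructed `show version` excerpt and compares it against the fixed versions the advisory lists. It treats only the 7.2 and 7.4 trains as covered by the stated fixes (7.2.5.1 and 7.4.1); any other train is reported as "check-advisory" rather than guessed, which is an assumption made here, not a statement from the page.

```python
import re

# Fixed versions as stated in the advisory card for CVE-2023-20244,
# keyed by release train (major, minor).
FIXED_VERSIONS = {
    (7, 2): (7, 2, 5, 1),
    (7, 4): (7, 4, 1),
}

# Constructed excerpt of 'show version' output for illustration only;
# the exact layout on a real device may differ.
SAMPLE_SHOW_VERSION = """\
--------------------[ ftd ]---------------------
Model      : Cisco Firepower 2110 Threat Defense (77) Version 7.2.4 (Build 165)
UUID       : 00000000-0000-0000-0000-000000000000
"""


def parse_version(text):
    """Return the first dotted version following the word 'Version' as an int tuple."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError("no version string found in output")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version):
    """Classify a version tuple as 'fixed', 'vulnerable' or 'check-advisory'.

    Only trains with a fixed release listed on the advisory are decided here;
    everything else is deferred to the vendor advisory (assumption).
    """
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "check-advisory"
    # Pad to equal length so 7.2.5 compares as (7,2,5,0) < (7,2,5,1).
    width = max(len(version), len(fixed))
    padded_version = version + (0,) * (width - len(version))
    padded_fixed = fixed + (0,) * (width - len(fixed))
    return "fixed" if padded_version >= padded_fixed else "vulnerable"


def assess_output(text):
    """Convenience wrapper: parse 'show version' text and classify it."""
    return assess(parse_version(text))


if __name__ == "__main__":
    v = parse_version(SAMPLE_SHOW_VERSION)
    print(".".join(map(str, v)), "->", assess(v))
```

Run it against the real output of `show version | include Version` from each FTD device; a "vulnerable" result means the device needs the 7.2.5.1 or 7.4.1 fixed release, and "check-advisory" means the train is outside the two fixes listed here and should be looked up in the vendor advisory.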

📡 Detection & Monitoring

Log Indicators:

  • Memory allocation failures
  • Unexpected device reloads
  • High packet drop rates in inspection engine logs

Network Indicators:

  • Sudden traffic loss through firewall
  • Unusual packet patterns to FTD interfaces
  • Device becoming unresponsive

SIEM Query:

Search for logs containing 'memory depletion', 'packet processing error', or 'unexpected reload' from FTD devices.
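The SIEM search above is a free-text match; the added example below (not part of this advisory, and not Cisco log format) shows the same logic as a small script that groups the advisory's log indicators per device, so that one noisy firewall stands out from the rest. The log lines are constructed for illustration and the host-extraction regex assumes a simple "timestamp host message" layout, which you would adjust to your collector's format.

```python
import re
from collections import defaultdict

# Indicator patterns derived from the advisory's log indicators and SIEM query.
INDICATORS = {
    "memory_depletion": re.compile(r"memory (depletion|allocation fail)", re.I),
    "packet_processing_error": re.compile(r"packet processing error", re.I),
    "unexpected_reload": re.compile(r"unexpected(ly)? reload", re.I),
}

# Constructed sample lines in a generic "timestamp host message" layout.
# These are NOT real FTD syslog messages.
SAMPLE_LOGS = [
    "2024-01-15T10:00:01Z ftd-edge-01 memory allocation failure in inspection engine",
    "2024-01-15T10:00:07Z ftd-edge-01 packet processing error on interface outside",
    "2024-01-15T10:00:09Z ftd-core-02 interface inside up, traffic normal",
    "2024-01-15T10:00:15Z ftd-edge-01 memory depletion: block pool exhausted",
    "2024-01-15T10:02:40Z ftd-core-02 unexpected reload detected after crash",
]

HOST_RE = re.compile(r"^\S+\s+(?P<host>\S+)\s")


def scan(lines):
    """Count indicator hits per host. Returns {host: {indicator: count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = HOST_RE.match(line)
        host = m.group("host") if m else "unknown"
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits[host][name] += 1
    return {host: dict(counts) for host, counts in hits.items()}


def flagged_hosts(hits, min_total=1):
    """Hosts whose total indicator hits reach min_total, sorted by hits descending."""
    totals = {host: sum(c.values()) for host, c in hits.items()}
    return sorted(
        (h for h, t in totals.items() if t >= min_total),
        key=lambda h: (-totals[h], h),
    )


if __name__ == "__main__":
    result = scan(SAMPLE_LOGS)
    for host in flagged_hosts(result):
        print(host, result[host])
```

Raising `min_total` (or, in a real deployment, a per-hour threshold) turns this from a keyword search into a simple rate-based alert, which is the more useful signal for memory depletion that builds up over repeated packets.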
