CVE-2024-20268
📋 TL;DR
A vulnerability in Cisco ASA and FTD software allows authenticated remote attackers to cause denial of service by sending crafted SNMP packets. The insufficient input validation in SNMP feature enables attackers to trigger device reloads. This affects all SNMP versions (1, 2c, 3) and requires valid SNMP credentials.
💻 Affected Systems
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Firepower Threat Defense (FTD) Software
📦 What is this software?
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
Adaptive Security Appliance Software by Cisco
View all CVEs affecting Adaptive Security Appliance Software →
⚠️ Risk & Real-World Impact
Worst Case
Complete network outage due to firewall device reload, disrupting all traffic through the affected device
Likely Case
Temporary service disruption during device reload, potentially causing brief network downtime
If Mitigated
Minimal impact if SNMP access is properly restricted and monitored
🎯 Exploit Status
Exploitation requires valid SNMP community string or SNMPv3 credentials. Attack is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Cisco advisory for specific fixed versions per platform
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmp-dos-7TcnzxTU
Restart Required: Yes
Instructions:
1. Check Cisco advisory for fixed versions. 2. Download appropriate software update. 3. Apply update following Cisco upgrade procedures. 4. Reboot device after update.
🔧 Temporary Workarounds
Disable SNMP
allCompletely disable SNMP service on affected devices
no snmp-server enable
Restrict SNMP Access
allLimit SNMP access to trusted management networks only
snmp-server community [community-string] RO [access-list-name]
🧯 If You Can't Patch
- Disable SNMP entirely if not required for monitoring
- Implement strict network access controls to limit SNMP traffic to trusted management hosts only
🔍 How to Verify
Check if Vulnerable:
Check if SNMP is enabled: 'show running-config | include snmp-server'Check Version:
show version | include VersionVerify Fix Applied:
Verify software version is patched: 'show version' and check against Cisco advisory📡 Detection & Monitoring
Log Indicators:
- Unexpected device reloads
- SNMP authentication failures
- Multiple SNMP requests from single source
Network Indicators:
- SNMP traffic to firewall devices from unexpected sources
- Spike in SNMP request volume
SIEM Query:
source_port:161 AND (device_type:cisco_asa OR device_type:cisco_ftd) AND event_count > threshold