CVE-2024-20339
📋 TL;DR
This vulnerability in Cisco Firepower Threat Defense (FTD) Software allows unauthenticated remote attackers to cause a denial of service by sending specially crafted TLS traffic over IPv4. Affected systems include Cisco Firepower 2100 Series devices running vulnerable FTD software versions. Successful exploitation causes the device to reload, disrupting network traffic.
💻 Affected Systems
- Cisco Firepower Threat Defense (FTD) Software
📦 What is this software?
Cisco Firepower Threat Defense (FTD) is the unified firewall and IPS software image that runs on Cisco Firepower and Secure Firewall appliances; it is managed through Firepower Management Center (FMC) or Firepower Device Manager (FDM) rather than from the CLI.
⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation keeps the device in a reload loop: every traffic flow through the firewall is dropped and state is lost on each reload, so the outage lasts as long as the attacker keeps sending traffic or until the device is patched or the source is blocked upstream.
Likely Case
Intermittent device reloads causing periodic service disruptions, degraded network performance, and potential loss of connectivity for connected systems.
If Mitigated
After upgrading to a fixed release the device no longer reloads on the crafted traffic; until then, restricting which sources can send TLS traffic to or through the device reduces exposure but does not remove it.
🎯 Exploit Status
No authentication or user interaction is required; the attacker only needs to be able to send crafted TLS traffic over IPv4 that the affected device processes. The page cites no public proof of concept.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Cisco advisory for specific fixed versions
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-QXYE5Ufy
Restart Required: Yes
Instructions:
1. Confirm the platform is a Firepower 2100 Series device (models 2110, 2120, 2130, 2140) and record the running FTD release with show version.
2. Look up that release train in the Cisco advisory and note the first fixed release for it (Cisco lists fixed releases per train, not one global version).
3. Download the fixed release from Cisco and apply it through FMC or FDM.
4. The upgrade reloads the device; afterwards re-run show version and confirm the release is at or above the fixed release for the same train.
🔧 Temporary Workarounds
TLS Traffic Filtering
Restrict TLS traffic (TCP/443 and any other TLS ports in use) from untrusted sources so that only expected peers can send TLS traffic to or through the device. A blanket block on port 443 also drops legitimate traffic, so scope the rule to the untrusted sources. This reduces exposure but is not a fix; check the advisory for whether Cisco lists a supported workaround.
# On FTD the access control policy is managed from FMC/FDM; the ASA-style ACL below is the equivalent CLI form
# Example (203.0.113.0/24 stands in for an untrusted network):
# access-list OUTSIDE_IN extended deny tcp 203.0.113.0 255.255.255.0 any eq 443
# access-group OUTSIDE_IN in interface outside
Network Segmentation
Limit which networks can reach the device's interfaces. A perimeter firewall must by design face untrusted networks, so segmentation mainly protects the management and internal interfaces; it does not shield the outside interface from this traffic.
# Keep the management interface on a dedicated VLAN reachable only from admin hosts
# Use access control rules to restrict which sources can reach each interface
🧯 If You Can't Patch
- Implement strict network access controls so that only trusted sources can send TLS traffic to or through the device
- Place an upstream IPS or rate limiter in front of the device that can drop or throttle TLS bursts from a single source; no public signature for this specific trigger is cited on this page
🔍 How to Verify
Check if Vulnerable:
Run show version on the FTD CLI. The Model line shows both the hardware (Firepower 2110, 2120, 2130 and 2140 make up the 2100 Series) and the running FTD release; compare that release against the first fixed release for its train in the Cisco advisory.
Check Version:
show version
Verify Fix Applied:
Confirm the running FTD release is at or above the first fixed release for the same release train listed in the Cisco advisory; a higher number in a different train does not by itself mean the fix is present.
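The version check above, as an added example that is not part of the original page or of any Cisco tooling. It parses the Model line of the FTD CLI show version output (the sample output is constructed), checks that the hardware is a 2100 Series model, and compares the running release against a per-train first-fixed table. The table values here are placeholders; replace them with the releases from the Cisco advisory before relying on the result.

```python
"""Added example (not from the page or from Cisco): classify an FTD device
against CVE-2024-20339 from its "show version" output."""
import re
from typing import NamedTuple, Optional, Tuple

# Matches the "Model" line of FTD "show version", e.g.
# "Model : Cisco Firepower 2110 Threat Defense (77) Version 7.0.5 (Build 72)"
MODEL_RE = re.compile(
    r"^Model\s*:\s*Cisco Firepower (?P<model>\d{4}) Threat Defense.*?"
    r"Version (?P<version>\d+(?:\.\d+)+)",
    re.MULTILINE,
)

# Constructed sample output, not captured from a real device.
SAMPLE_SHOW_VERSION = """\
--------------------[ ftd-2110 ]---------------------
Model                     : Cisco Firepower 2110 Threat Defense (77) Version 7.0.5 (Build 72)
UUID                      : 00000000-0000-0000-0000-000000000000
LSP version               : lsp-rel-20240101-1000
VDB version               : 370
----------------------------------------------------
"""

# PLACEHOLDER first-fixed release per train. These numbers are illustrative
# only; take the real ones from the Cisco advisory before using this.
PLACEHOLDER_FIRST_FIXED = {"7.0": (7, 0, 6), "7.2": (7, 2, 5)}


class FtdInfo(NamedTuple):
    model: int
    version: Tuple[int, ...]


def parse_show_version(text: str) -> Optional[FtdInfo]:
    """Extract hardware model number and FTD release tuple, or None if absent."""
    m = MODEL_RE.search(text)
    if not m:
        return None
    return FtdInfo(int(m["model"]), tuple(int(p) for p in m["version"].split(".")))


def assess(text: str, first_fixed=PLACEHOLDER_FIRST_FIXED) -> str:
    """Return one of: unparsed, not_affected_platform, unknown_train, vulnerable, fixed."""
    info = parse_show_version(text)
    if info is None:
        return "unparsed"
    # Scope per this page: Firepower 2100 Series (2110/2120/2130/2140).
    # Other platforms should still be checked against the advisory itself.
    if not 2100 <= info.model < 2200:
        return "not_affected_platform"
    train = f"{info.version[0]}.{info.version[1]}"
    fixed = first_fixed.get(train)
    if fixed is None:
        # Train not in the table: either unfixed/end-of-life or not yet looked up.
        return "unknown_train"
    # Compare within the same train only; a higher number in another train
    # says nothing about whether this fix is present.
    return "fixed" if info.version >= fixed else "vulnerable"


if __name__ == "__main__":
    print(parse_show_version(SAMPLE_SHOW_VERSION), assess(SAMPLE_SHOW_VERSION))
```

Feed it the text of show version captured from the device (for example over SSH) and a first_fixed table filled from the advisory; anything other than "fixed" needs a human to look at it.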
📡 Detection & Monitoring
Log Indicators:
- Unexpected device reloads
- TLS connection anomalies
- High CPU/memory usage before crash
Network Indicators:
- Abnormal TLS traffic patterns to firewall
- Sudden loss of connectivity through device
SIEM Query:
# Reload evidence: the crash itself is usually not logged over syslog, so the post-boot startup message is the reliable signal
device_type:"firepower" AND (event:"startup completed" OR event:"reload")
# Correlate with TLS connection builds (to or through the device) in the minutes before that event, grouped by source address
device_type:"firepower" AND event:"built tcp connection" AND dest_port:443
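The correlation the queries above describe, as an added example that is not part of the original page. It parses ASA/FTD-style syslog lines, treats a "Startup completed" message (ID 199002) as evidence of a reload, and counts the TCP-connection-built messages (ID 302013) to port 443 in the window before it, grouped by source. The log lines are constructed; the host name, addresses, timestamp layout and the 5-minute/20-connection thresholds are assumptions to tune for your environment.

```python
"""Added example (not from the page or from Cisco): flag FTD reloads that were
preceded by a burst of TLS connections from one source."""
import re
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

# Assumed syslog layout: "<PRI>Mon DD YYYY HH:MM:SS host : %ASA-L-NNNNNN: text"
LINE_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) : "
    r"%ASA-\d-(?P<msg_id>\d{6}): (?P<text>.*)$"
)
# 302013 body: "Built inbound TCP connection N for outside:SRC/SPORT (...) to inside:DST/DPORT (...)"
CONN_RE = re.compile(
    r"Built \w+ TCP connection \d+ for \S+:(?P<src>[\d.]+)/\d+ \(.*?\) "
    r"to \S+:[\d.]+/(?P<dport>\d+)"
)
STARTUP_ID = "199002"     # "Startup completed. Beginning operation." = device just booted
CONN_BUILT_ID = "302013"  # TCP connection built through/to the device


class Event(NamedTuple):
    ts: datetime
    host: str
    msg_id: str
    src: Optional[str]
    dport: Optional[int]


def parse_line(line: str) -> Optional[Event]:
    """Parse one syslog line; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    src, dport = None, None
    if m["msg_id"] == CONN_BUILT_ID:
        c = CONN_RE.search(m["text"])
        if c:
            src, dport = c["src"], int(c["dport"])
    return Event(ts, m["host"], m["msg_id"], src, dport)


def find_suspect_reloads(lines: List[str], window: timedelta = timedelta(minutes=5),
                         threshold: int = 20) -> List[Dict]:
    """For each startup message, count TLS (port 443) connection builds on the same
    host in the preceding window; report those at or above the threshold."""
    events = [e for e in map(parse_line, lines) if e]
    findings = []
    for boot in (e for e in events if e.msg_id == STARTUP_ID):
        prior = [e for e in events
                 if e.host == boot.host and e.msg_id == CONN_BUILT_ID and e.dport == 443
                 and boot.ts - window <= e.ts < boot.ts]
        if len(prior) < threshold:
            continue
        top_src, top_n = Counter(e.src for e in prior).most_common(1)[0]
        findings.append({"host": boot.host, "reload_at": boot.ts,
                         "tls_conns_before": len(prior),
                         "top_src": top_src, "top_src_conns": top_n})
    return findings


def make_sample_logs() -> List[str]:
    """Constructed sample: 40 TLS builds from one source in the two minutes before
    a startup message, some baseline traffic, and a later startup with no burst."""
    base = datetime(2024, 3, 6, 10, 0, 0)
    fmt = "%b %d %Y %H:%M:%S"

    def conn(t, n, src, dport):
        return (f"<166>{t.strftime(fmt)} fw-edge-01 : %ASA-6-302013: Built inbound TCP "
                f"connection {n} for outside:{src}/5{n:04d} ({src}/5{n:04d}) "
                f"to inside:192.0.2.20/{dport} (192.0.2.20/{dport})")

    def startup(t):
        return f"<165>{t.strftime(fmt)} fw-edge-01 : %ASA-5-199002: Startup completed.  Beginning operation."

    lines = [conn(base, 1, "198.51.100.5", 22)]                       # non-TLS baseline
    lines += [conn(base + timedelta(seconds=3 * i), 100 + i, "203.0.113.10", 443)
              for i in range(40)]                                       # the burst
    lines.append(conn(base + timedelta(seconds=90), 200, "198.51.100.7", 443))  # legit TLS
    lines.append(startup(base + timedelta(minutes=3)))                 # reload after burst
    lines.append(startup(base + timedelta(hours=2)))                   # quiet reload, ignored
    return lines


if __name__ == "__main__":
    for f in find_suspect_reloads(make_sample_logs()):
        print(f)
```

Point it at a day of FTD syslog instead of make_sample_logs(); a reload with no preceding burst is still worth a look (threshold is a filter, not proof), and a burst with no reload is what you would expect to see once the device is patched.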