Cyber Resilience

CVE-2024-20353

Tags: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · DDoS

Published: 24 April 2024

Modified: 28 October 2025
KEV added: 24 April 2024
Patch: available (see the Cisco Security Advisory)
CVSS v3.1 score: 8.6 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS score: 0.1883 (95.4th percentile)
Risk priority: 48 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20353 is a high-severity Infinite Loop (CWE-835) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 8.6 (High).

Operationally, it ranks in the top 4.6% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-20353 affects the management and VPN web servers in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The flaw stems from incomplete error checking during HTTP header parsing and carries a CVSS 3.1 score of 8.6. Successful exploitation triggers an unexpected device reload and resulting denial-of-service condition.

An unauthenticated remote attacker can trigger the vulnerability by sending a single crafted HTTP request to either web server interface. No authentication or user interaction is required, and the attack can be launched over the network with low complexity, allowing an adversary to interrupt device operation and availability.

The Cisco Security Advisory and CISA Known Exploited Vulnerabilities catalog both list the issue, confirming that affected customers should apply the fixes published in the vendor advisory. The vulnerability has also been linked to the ArcaneDoor espionage campaign that targeted perimeter network devices.

EPSS scores rose from a low baseline to a recorded peak of 0.2445 (current value 0.1883), indicating emerging exploitation interest after public disclosure and warranting renewed attention from defenders.

EU & UK References

Vulnerability details

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.

CWE(s): CWE-835 (Infinite Loop)
KEV date added: 24 April 2024

Related Threats

Threat-Actor Attribution (AI)

ArcaneDoor (C0046)
The Talos blog (referenced in the CISA/CVE entries) attributes the espionage campaign targeting Cisco ASA/FTD perimeter devices to ArcaneDoor, which exploited this flaw.

Affected Assets

Cisco Adaptive Security Appliance Software: 9.12.1, 9.12.1.2, 9.12.1.3, 9.12.2, 9.12.2.1
Cisco Firepower Threat Defense: 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

Prevent (SI-10, Information Input Validation): Directly requires validation of HTTP header inputs to reject malformed requests before they trigger the parsing flaw and reload.

Prevent (SC-5, Denial-of-service Protection): Explicitly mandates protections that prevent crafted remote requests from producing a denial-of-service reload on the exposed web servers.

Prevent: Restricts network exposure of the management and VPN web servers so that unauthenticated attackers cannot reach the vulnerable HTTP header parser.

References