CVE-2024-20261

CVSS 3.1 Score 5.8 of 10 (medium)

Attack Complexity low
Scope changed
Integrity low
Confidentiality none
Availability none
Privileges Required none

Details

Published May 22, 2024
CWE ID 284

Summary

CVE-2024-20261 is a vulnerability affecting the file policy feature in Cisco Firepower Threat Defense (FTD) Software. This issue allows unauthenticated, remote attackers to bypass configured file policies and pass encrypted archive files that should have been blocked. The root cause is a logic error in handling a specific class of encrypted archive files. An exploit of this vulnerability could enable an attacker to send a malicious encrypted archive file, which could contain malware, to the affected device.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share