CVE-2024-20261
CVSS 3.1 Score 5.8 of 10 (medium)
Attack Complexity low
Scope changed
Integrity low
Confidentiality none
Availability none
Privileges Required none
Details
Published May 22, 2024
CWE ID 284
Summary
CVE-2024-20261 is a vulnerability affecting the file policy feature in Cisco Firepower Threat Defense (FTD) Software. This issue allows unauthenticated, remote attackers to bypass configured file policies and pass encrypted archive files that should have been blocked. The root cause is a logic error in handling a specific class of encrypted archive files. An exploit of this vulnerability could enable an attacker to send a malicious encrypted archive file, which could contain malware, to the affected device.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share