
Which products are vulnerable from CVE-2024-20481?

0xfrd1gul
Level 1

Hi, I am an information technology engineer for Cisco products. What is the difference between "Cisco SSL VPN" and RA VPN (remote access VPN)? I do not understand. Can we say that if Cisco SSL VPN products are in use at a company, it means RA VPN is active? Is that true? Can you clear this up for me, please? I need to verify which products can be vulnerable to CVE-2024-20481. So which products does the vulnerability concern?

Bests,


@0xfrd1gul

Refer to this Cisco advisory for CVE-2024-20481 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW

If you are using SSL-VPN then this is also referred to as a Remote Access VPN (RAVPN); you can determine whether it is enabled with:

firewall# show running-config webvpn | include ^ enable
enable outside

Use the software checker in the link above and enter your software version to determine whether you are impacted.

Thanks for your feedback @Rob Ingram,

Yes, I read the advisory link and news articles, but I couldn’t understand if using the Cisco SSL VPN product is the same as having RA VPN active. So, based on what you're saying, if we have the Cisco SSL VPN product, we can assume RA VPN is active, right? This would also mean that we're affected by the CVE-2024-20481 vulnerability due to using the SSL VPN product. Could you please confirm?

@0xfrd1gul if you are using ASA or FTD, then yes SSL-VPN is a Remote Access VPN. You need to use the software checker to determine if your version is actually affected. Else provide your exact version here.

I wanted to confirm if this vulnerability affects all Cisco products with 'SSL VPN' capabilities. There are many versions, like 9.16 and others as well. Initially, I understood that all 'Cisco SSL VPN' products were affected, regardless of version. Is that correct?

@0xfrd1gul no, not all versions are affected. Refer to the software checker in the link provided and enter your exact version, i.e. 9.20.3, and check.

Yes, I checked version 9.20.3 and I see the same as in the SS you shared. This version is not vulnerable, because I did not get any information, as in your SS, when I checked. So this vulnerability does not affect all versions, is that true? I do not understand clearly. If all versions are vulnerable for Cisco ASA, why do I need to check the release number of all of them?

@0xfrd1gul true, not all versions are affected.

You may well be running RAVPN/SSL-VPN (whatever you want to refer to it as), but that doesn't mean to say the software version is vulnerable.

You are best off running the checker for each version of ASA you are running.
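
The two checks discussed in the replies above (is webvpn enabled on an interface, and which software version is running) can be collected from saved running-configs in one pass. This is an added example, not part of the original thread or Cisco's tooling; the device names, sample configs and the `webvpn_interfaces` and `inventory` helpers are constructed for illustration.

```python
import re

# Constructed sample running-configs (not from the thread); names and versions are made up.
SAMPLE_CONFIGS = {
    "fw-a": """ASA Version 9.16(4)
hostname fw-a
webvpn
 enable outside
 anyconnect enable
!
""",
    "fw-b": """ASA Version 9.20(3)
hostname fw-b
webvpn
 anyconnect enable
!
""",
}

VERSION_RE = re.compile(r"^ASA Version (\S+)", re.MULTILINE)


def webvpn_interfaces(config):
    """Interfaces named on ' enable <ifname>' lines inside the webvpn block,
    the same lines 'show running-config webvpn | include ^ enable' prints."""
    found, in_webvpn = [], False
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line opens or closes a block
            in_webvpn = line.strip() == "webvpn"
            continue
        match = re.match(r" enable (\S+)", line)
        if in_webvpn and match:
            found.append(match.group(1))
    return found


def inventory(configs):
    """One row per device: version to enter in the software checker, and
    whether SSL-VPN/RAVPN is enabled. It does not decide vulnerability itself."""
    rows = []
    for device, text in sorted(configs.items()):
        version = VERSION_RE.search(text)
        ifaces = webvpn_interfaces(text)
        rows.append({"device": device,
                     "version": version.group(1) if version else None,
                     "webvpn_enabled_on": ifaces})
    return rows


if __name__ == "__main__":
    for row in inventory(SAMPLE_CONFIGS):
        print(row)
```

Each reported version still has to be entered into the software checker on the advisory page; the script only narrows down which devices have SSL-VPN enabled.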