Is CVE-2024-20353 exploitable?

Yes — CVE-2024-20353 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2024-20353 a false positive?

No practitioners have marked CVE-2024-20353 a false positive so far (2 verdicts).

How do I remediate CVE-2024-20353?

Practitioners have shared remediation steps for CVE-2024-20353 — see the remediation notes on this page.

CVE-2024-20353

is CVE-2024-20353real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

High · CVSS 8.6EPSS 63.3%CISA KEVCWE-835

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.

References

NVD MITRE CVE.org CISA KEV

Published Apr 24, 2024

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2024-20353/badge.svg)](https://www.truepositive.app/cve/CVE-2024-20353)

HTML

<a href="https://www.truepositive.app/cve/CVE-2024-20353"><img src="https://www.truepositive.app/cve/CVE-2024-20353/badge.svg" alt="TruePositive verdict for CVE-2024-20353"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: High (High 2) — CVSS base score 8.6

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Field note · Nadia PetrovaCurated
Cisco ASA and FTD Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition. Listed in the CISA KEV catalog (added 2024-04-24) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~63%. Treat it as real and prioritize remediation over triage.
0
Remediation · Aisha RahmanCurated
Required action for Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD): Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. CISA set a federal remediation due date of 2024-05-01. After patching, verify the vulnerable path is no longer reachable before closing the finding.