{"vulnerability": "CVE-2024-2049", "sightings": [{"uuid": "a8407ad3-3cdc-4ad4-a3f2-c4d20ff8a19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2049", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11856", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-2049\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.\n\ud83d\udccf Published: 2024-03-12T12:39:45.077Z\n\ud83d\udccf Modified: 2025-04-15T15:26:57.364Z\n\ud83d\udd17 References:\n1. https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049", "creation_timestamp": "2025-04-15T15:54:52.000000Z"}, {"uuid": "48d4a2df-df43-433c-827b-01422c9c0814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20494", "type": "seen", "source": "https://t.me/cvedetector/8749", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20494 - Cisco ASA Software and FTD Software TLS 1.3 Handshake Data Validation Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-20494 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.  \n  \n This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.  \n  \n Note: This vulnerability can also impact the integrity of a device by causing VPN HostScan communication failures or file transfer failures when Cisco ASA Software is upgraded using Cisco Adaptive Security Device Manager (ASDM). \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:04.000000Z"}, {"uuid": "89f36661-8a35-4b75-bdf1-a9b3596d8676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20493", "type": "seen", "source": "https://t.me/cvedetector/8748", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20493 - Cisco ASA/Firepower FTD Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20493 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition.  \n  \n This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:03.000000Z"}, {"uuid": "9534b37c-699a-43cd-9543-9801cf6dccb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20495", "type": "seen", "source": "https://t.me/cvedetector/8743", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20495 - Cisco ASA and FTD TLS Session Reloading Vulnerability (Denial of Service)\", \n  \"Content\": \"CVE ID : CVE-2024-20495 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device.  \n  \n This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:44:56.000000Z"}, {"uuid": "39d7a19b-30ca-4c8a-b6d1-eea6ca16c913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20497", "type": "seen", "source": "https://t.me/cvedetector/4822", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20497 - \"Cisco Expressway Edge Unauthorized Remote User Access and Call Interception Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20497 \nPublished : Sept. 4, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system.  \n  \nThis vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T20:15:48.000000Z"}, {"uuid": "8768e5ae-7044-4f56-9bf2-86ae20ecde09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20496", "type": "seen", "source": "https://t.me/cvedetector/6335", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20496 - \"Cisco SD-WAN vEdge Software UDP Packet Validation Denial of Service Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20496 \nPublished : Sept. 25, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.  \n  \nThis vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T20:13:01.000000Z"}, {"uuid": "bfd555d4-df94-4dff-a951-805d36074edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20498", "type": "seen", "source": "https://t.me/cvedetector/6873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20498 - Cisco Meraki SSL VPN DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20498 \nPublished : Oct. 2, 2024, 7:15 p.m. | 44\u00a0minutes ago \nDescription : Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.  \n  \nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.  \nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T22:13:20.000000Z"}, {"uuid": "a9e89a25-7936-41ef-bc34-ffe6ea54f5cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20499", "type": "seen", "source": "https://t.me/cvedetector/6868", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20499 - Cisco Meraki AnyConnect VPN Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-20499 \nPublished : Oct. 2, 2024, 7:15 p.m. | 44\u00a0minutes ago \nDescription : Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.  \n  \nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.  \nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T22:13:13.000000Z"}, {"uuid": "46d8a7a6-a45a-41e1-8c54-97b8e708fe10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20491", "type": "seen", "source": "https://t.me/cvedetector/6856", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20491 - Cisco Nexus Dashboard Insights Remote Configuration Credential Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-20491 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.  \n  \nThis vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.  \nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:45.000000Z"}, {"uuid": "ccba34db-0fe2-40dd-81d8-689b4dca42da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20490", "type": "seen", "source": "https://t.me/cvedetector/6855", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20490 - Cisco Nexus Dashboard Fabric Controller/Nexus Dashboard Orchestrator HTTP Proxy Credential Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-20490 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information.  \n  \nThis vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network.  \nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:44.000000Z"}, {"uuid": "d625f3e5-f682-4a3b-a00b-931e1effa8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20492", "type": "seen", "source": "https://t.me/cvedetector/6859", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20492 - Cisco Expressway Series Root Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20492 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device.  \n  \nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device.  \nNote: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:48.000000Z"}, {"uuid": "be65cedf-9681-4119-9f98-7eabaed60c25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2049", "type": "seen", "source": "https://t.me/ctinow/205699", "content": "https://ift.tt/6BuVs98\nCVE-2024-2049", "creation_timestamp": "2024-03-12T14:32:09.000000Z"}, {"uuid": "a0b20453-e788-4549-91ae-321b32ef002c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2049", "type": "seen", "source": "https://t.me/ctinow/205694", "content": "https://ift.tt/6BuVs98\nCVE-2024-2049", "creation_timestamp": "2024-03-12T14:32:04.000000Z"}]}