Cisco ASA Software Vulnerability Could Allow Root Access via SSH
CVE-2024-20329
Summary
A vulnerability present in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software allows authenticated remote attackers to execute arbitrary operating system commands with root privileges. The root cause of this vulnerability is inadequate validation of user input. Attackers can exploit this flaw through specially crafted input submitted during the execution of remote CLI commands over SSH. Successful exploitation grants attackers the ability to gain complete control over the system, compromising security and potentially leading to further attacks on the network. Organizations utilizing Cisco ASA Software are encouraged to review their security measures and apply appropriate patches to mitigate this risk.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software 9.17.1
Cisco Adaptive Security Appliance (ASA) Software 9.17.1.7
Cisco Adaptive Security Appliance (ASA) Software 9.17.1.9
News Articles
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April.
3 months ago
Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw
Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software.
3 months ago
Timeline
- Exploit known to exist
- First article discovered by GBHackers
- Vulnerability published