CVE-2024-20329

CWE-1464 documents4 sources

Severity

9.9CRITICAL

EPSS

2.6%

top 14.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 23

Description

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_software27 versions+26

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software27 versions+26

🔴Vulnerability Details

CVEList

Cisco Adaptive Security Appliance Software Remote Command Injection Vulnerability↗2024-10-23

▶

GHSA

GHSA-5xm6-h565-q6mc: A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute oper↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability↗2024-10-23

▶