CVE-2024-20435

CWE-2504 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 71.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Secure WEB ApplianceCisco Asyncos
Timeline
PublishedJul 17

Description

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operatin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5cisco/cisco_secure_web_appliance27 versions+26
NVDcisco/asyncos27 versions+26

🔴Vulnerability Details

2
GHSA
GHSA-p6xf-x5px-f2vq: A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and el2024-07-17
CVEList
CVE-2024-20435: A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and el2024-07-17

📋Vendor Advisories

1
Cisco
Cisco Secure Web Appliance Privilege Escalation Vulnerability2024-07-17
CVE-2024-20435 (HIGH CVSS 7.8) | A vulnerability in the CLI of Cisco | cvebase.io