CVE-2024-20485

CWE-94Code Injection4 documents4 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 89.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Cisco Adaptive Security Appliance (asa) SoftwareCisco Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software+1 more
Timeline
PublishedOct 23

Description

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup f

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages4 packages

🔴Vulnerability Details

2
CVEList
CVE-2024-20485: A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allo2024-10-23
GHSA
GHSA-m83r-8rcp-wv5v: A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allo2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability2024-10-23
CVE-2024-20485 (MEDIUM CVSS 6.7) | A vulnerability in the VPN web serv | cvebase.io