CVE-2024-20329

Summary

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.7affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.9affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.10affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.1affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.1.3affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.11affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.13affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.15affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2.5affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.20affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2.7affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2.8affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.5affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.30affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.9affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.39affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.12affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.46affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.18affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.53affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.55affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.17.1.33affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.56affected

Weaknesses

  • CWE-146: Improper Neutralization of Expression/Command Delimiters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References