CVE-2024-20359 - Cisco ASA and FTD Privilege Escalation Vulnerability
Project:Cisco
Product:Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Date Added:2024-04-24Due Date:2024-05-01
Vulnerability Name
Cisco ASA and FTD Privilege Escalation Vulnerability
Description
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
https://nvd.nist.gov/vuln/detail/CVE-2024-20359
Related News Articles
Cisco warns of backdoor admin account in Smart Licensing UtilitySeptember 5, 2024
Cisco SSM On-Prem bug lets hackers change any user's passwordJuly 18, 2024
Cisco warns of NX-OS zero-day exploited to deploy custom malwareJuly 2, 2024
ArcaneDoor hackers exploit Cisco zero-days to breach govt networksApril 25, 2024
Norway recommends replacing SSL VPN to prevent breachesMay 17, 2024