Vulnerability Description
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance Software | 9.17.1 |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciBroken Link
- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300Vendor Advisory
FAQ
What is CVE-2024-20329?
CVE-2024-20329 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerabili...
How severe is CVE-2024-20329?
CVE-2024-20329 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-20329?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.