CVE-2024-20370

Oct. 25, 2024, 12:56 p.m.

CVSS Score

6.0 / 10

Product(s) Impacted

Cisco Adaptive Security Appliance (ASA) Software

Cisco Firepower Threat Defense (FTD) Software

Description

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device.

Weaknesses

CWE-264
None

None

CWE ID: 264

Date

Published: Oct. 23, 2024, 6:15 p.m.

Last Modified: Oct. 25, 2024, 12:56 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ykramarz@cisco.com

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score
6.0
Exploitability Score
0.8
Impact Score
5.2
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

References