6

CVE-2024-20370

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorcisco
Product adaptive_security_appliance_software
Default Statusunknown
Version <= 9.17.1.39
Version 9.17.1
Status affected
Version <= 9.18.4.22
Version 9.18.1
Status affected
Version <= 9.19.1.28
Version 9.19.1
Status affected
Version <= 9.20.2.10
Version 9.20.1
Status affected
Vendorcisco
Product firepower_threat_defense_software
Default Statusunknown
Version <= 7.1.0.3
Version 7.1.0
Status affected
Version <= 7.2.8.1
Version 7.2.0
Status affected
Version <= 7.3.1.2
Version 7.3.0
Status affected
Version <= 7.4.1.1
Version 7.4.0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.082
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
psirt@cisco.com 6 0.8 5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N