CVE-2024-20359
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

Overview

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software was disclosed on April 24, 2024. The vulnerability (CVE-2024-20359) could allow an authenticated, local attacker with administrator-level privileges to execute arbitrary code with root-level privileges, so it is a persistence primitive rather than an initial-access bug: the attacker must already control an administrative session on the device. It has been confirmed to be actively exploited in the wild; Cisco Talos attributes the exploitation to the ArcaneDoor espionage campaign (tracked as UAT4356), which used it alongside CVE-2024-20353 (Cisco Advisory).

Technical details

The vulnerability is due to improper validation of a file when it is read from system flash memory (disk0:) during boot. It has been assigned a CVSS v3.1 base score of 6.0 MEDIUM (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N); the score is held down by the local attack vector and the high privileges required, not by the outcome, which is root-level code execution. The weakness is classified as CWE-94 (Improper Control of Generation of Code, "Code Injection"). Because the injected code could persist across device reboots, Cisco raised the Security Impact Rating (SIR) from Medium to High even though the CVSS score is unchanged (Cisco Advisory, NVD).

Impact

A successful exploit could allow an attacker to execute arbitrary code on the affected device after the next reload, when the legacy loader processes the file the attacker staged on flash. Because the staged file survives reboots and is re-processed on every boot, the resulting root-level code execution persists across reloads, which is what makes this vulnerability particularly severe for a perimeter device. Note that installing fixed software closes the loader code path but does not by itself identify or remove a file that was already staged, which is why Cisco pairs the upgrade with a post-upgrade inspection of disk0: (Cisco Advisory).

Mitigation and workarounds

Cisco has released software updates that address this vulnerability. There are no workarounds. After upgrading to a release with the fix, Cisco recommends that customers check the output of the dir disk0: command on the device CLI for any new .zip files that were not present before the upgrade. If a new file named client_bundle_install.zip or any other unusual .zip file appears after the upgrade, customers should copy that file off the device using the copy command and contact psirt@cisco.com before deleting it, so the artifact is preserved for analysis (Cisco Advisory). In practice this means capturing a dir disk0: baseline before the upgrade and comparing it with the listing afterwards, rather than eyeballing a single listing. Cisco Talos's ArcaneDoor write-up explains why the file tends to surface only after the upgrade: the vulnerable loader deletes the bundle after processing it at boot and the implant re-creates it, whereas fixed software no longer consumes it, so a re-created file stays on disk0: where dir can see it.
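The baseline-and-compare check described above, as an added example that is not part of Cisco's advisory or of this report: a small Python script that parses two captures of dir disk0: output (one taken before the upgrade, one after), reports files that appeared or disappeared, isolates the .zip files, and highlights names that match the client_bundle_install.zip indicator. The two listings embedded below are constructed for the example; their file names, sizes and dates are made up, and only client_bundle_install.zip is a real indicator name. The BUNDLE_NAME_RE pattern and the tftp:// destination in preserve_command are assumptions of this example, not values from the advisory.

```python
import re
from typing import Dict, List

# Constructed sample listings in the shape of the ASA CLI "dir disk0:" output.
# Names, sizes and dates are made up for this example; only
# client_bundle_install.zip is a real indicator name (the one Cisco's advisory cites).
BASELINE_DIR_OUTPUT = """\
Directory of disk0:/

11     -rwx  50614272     10:21:30 Jan 12 2024  asa9-16-4-55-smp-k8.bin
12     -rwx  1478         09:07:12 Feb 02 2024  startup-config.sav
13     -rwx  38526976     10:22:41 Jan 12 2024  asdm-7.18.4.bin
14     drwx  4096         10:25:00 Jan 12 2024  log

8192000 bytes total (4398080 bytes free)
"""

POST_UPGRADE_DIR_OUTPUT = """\
Directory of disk0:/

12     -rwx  1478         09:07:12 Feb 02 2024  startup-config.sav
13     -rwx  38526976     10:22:41 Jan 12 2024  asdm-7.18.4.bin
14     drwx  4096         10:25:00 Jan 12 2024  log
15     -rwx  51429376     14:02:11 Apr 25 2024  asa9-16-4-57-smp-k8.bin
16     -rwx  2741         03:13:58 Apr 20 2024  client_bundle_install.zip

8192000 bytes total (3571712 bytes free)
"""

# One file entry of the listing: index, permission flags, size, time, date, name.
# Header, blank and "bytes total" lines do not match and are skipped.
ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+([-d][-rwx]{3})\s+(\d+)\s+"
    r"(\d{2}:\d{2}:\d{2})\s+([A-Z][a-z]{2} \d{2} \d{4})\s+(\S.*?)\s*$"
)

# Assumption of this example: a loose name pattern derived from the
# client_bundle_install.zip indicator. Every other .zip is still reported.
BUNDLE_NAME_RE = re.compile(r"^client_bundle[\w-]*\.zip$", re.IGNORECASE)


def parse_dir_output(text: str) -> Dict[str, dict]:
    """Parse 'dir disk0:' output into {name: {size, mtime, is_dir}}."""
    entries: Dict[str, dict] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        _idx, perms, size, clock, date, name = m.groups()
        entries[name] = {
            "size": int(size),
            "mtime": f"{date} {clock}",
            "is_dir": perms.startswith("d"),
        }
    return entries


def triage(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[str]]:
    """Compare the pre-upgrade baseline with the post-upgrade listing."""
    new_files = sorted(n for n in current if n not in baseline)
    removed_files = sorted(n for n in baseline if n not in current)
    # Any .zip on disk0: deserves a look; a new one is the advisory's indicator.
    zip_files = sorted(
        n for n, e in current.items() if not e["is_dir"] and n.lower().endswith(".zip")
    )
    return {
        "new_files": new_files,            # includes benign noise such as the new image
        "removed_files": removed_files,
        "zip_files": zip_files,
        "new_zip_files": [n for n in zip_files if n in new_files],
        "bundle_indicators": [n for n in zip_files if BUNDLE_NAME_RE.match(n)],
    }


def preserve_command(name: str, dest: str = "tftp://<collection-host>/") -> str:
    """ASA CLI 'copy' command to move a flagged file off-box before it is removed.

    dest is a placeholder chosen for this example; use your own collection server.
    """
    return f"copy disk0:/{name} {dest}{name}"


if __name__ == "__main__":
    report = triage(parse_dir_output(BASELINE_DIR_OUTPUT),
                    parse_dir_output(POST_UPGRADE_DIR_OUTPUT))
    for key, names in report.items():
        print(f"{key}: {names or '-'}")
    for name in report["bundle_indicators"]:
        print("preserve before deleting:", preserve_command(name))
```

The upgrade image itself shows up under new_files, which is why the report separates new .zip files from new files in general; on a real device, replace the two embedded strings with captures taken over the console or SSH session, and treat any entry in new_zip_files or bundle_indicators as a reason to copy the file off and contact Cisco PSIRT rather than to delete it.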

Community reactions

Multiple government security agencies were involved in the investigation and coordinated disclosure of this vulnerability, including the Australian Signals Directorate's Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the UK's National Cyber Security Centre (NCSC), and the U.S. Cybersecurity & Infrastructure Security Agency (CISA). The vulnerability was added to CISA's Known Exploited Vulnerabilities Catalog on the day of disclosure, requiring federal agencies to apply the fix by May 1, 2024 (NVD).
