CVE-2024-20370: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

A vulnerability (CVE-2024-20370) was discovered in the Cisco FXOS CLI feature affecting specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability was disclosed on October 23, 2024, and affects Firepower 1000 Series, Firepower 2100 Series, Secure Firewall 3100, and Secure Firewall 4200 platforms. This vulnerability received a CVSS base score of 6.0 (Medium) (Cisco Advisory).

The vulnerability exists due to insecure storage and permissions of certain system configurations and executable files. The vulnerability has been assigned CWE-264 (Permissions, Privileges, and Access Controls). The CVSS v3.1 vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating local access required, low attack complexity, high privileges required, no user interaction needed, and high impact on confidentiality and integrity (NVD).

A successful exploitation of this vulnerability could allow an authenticated attacker with valid administrative credentials to elevate their privileges to root access on the affected device. This would give the attacker complete control over the system with the highest possible privileges (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available for this vulnerability. Users are advised to upgrade to the latest version of the affected software. The specific fixed versions can be identified using the Cisco Software Checker (Cisco Advisory).