Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20435

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.

Published

2024-07-17T17:15:14.787

Last Modified

2025-08-08T01:55:41.180

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-250

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	asyncos	11.7.0-406	Yes
Operating System	cisco	asyncos	11.7.0-418	Yes
Operating System	cisco	asyncos	11.7.1-006	Yes
Operating System	cisco	asyncos	11.7.1-020	Yes
Operating System	cisco	asyncos	11.7.1-049	Yes
Operating System	cisco	asyncos	11.7.2-011	Yes
Operating System	cisco	asyncos	11.8.0-414	Yes
Operating System	cisco	asyncos	11.8.1-023	Yes
Operating System	cisco	asyncos	11.8.3-018	Yes
Operating System	cisco	asyncos	11.8.3-021	Yes
Operating System	cisco	asyncos	12.0.1-268	Yes
Operating System	cisco	asyncos	12.0.3-007	Yes
Operating System	cisco	asyncos	12.5.1-011	Yes
Operating System	cisco	asyncos	12.5.2-007	Yes
Operating System	cisco	asyncos	12.5.4-005	Yes
Operating System	cisco	asyncos	12.5.5-004	Yes
Operating System	cisco	asyncos	12.5.6-008	Yes
Operating System	cisco	asyncos	14.0.2-012	Yes
Operating System	cisco	asyncos	14.0.3-014	Yes
Operating System	cisco	asyncos	14.0.4-005	Yes
Operating System	cisco	asyncos	14.0.5-007	Yes
Operating System	cisco	asyncos	14.5.0-498	Yes
Operating System	cisco	asyncos	14.5.1-016	Yes
Operating System	cisco	asyncos	14.5.2-011	Yes
Operating System	cisco	asyncos	15.0.0-322	Yes
Operating System	cisco	asyncos	15.0.0-355	Yes
Operating System	cisco	asyncos	15.1.0-287	Yes
Application	cisco	secure_web_appliance_virtual_s1000v	-	No
Application	cisco	secure_web_appliance_virtual_s100v	-	No
Application	cisco	secure_web_appliance_virtual_s300v	-	No
Application	cisco	secure_web_appliance_virtual_s600v	-	No
Hardware	cisco	secure_web_appliance_s196	-	No
Hardware	cisco	secure_web_appliance_s396	-	No
Hardware	cisco	secure_web_appliance_s696	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)