CVE-2024-20435
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-20435 is a vulnerability affecting the CLI of Cisco AsyncOS for Secure Web Appliance. This issue allows authenticated, local attackers to execute arbitrary commands and gain root privileges due to insufficient input validation for the CLI. An attacker could exploit this vulnerability by crafting a command and authenticating to the system. Successful exploitation could lead to arbitrary command execution on the underlying operating system and privilege escalation to root. To exploit this vulnerability, an attacker would need at least guest credentials.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.