CVE-2024-20359

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) (affected versions not specified) Cisco Firepower Threat Defense (FTD) (affected versions not specified)

Description A flaw exists in a legacy capability used for preloading VPN clients and plug-ins. The issue stems from improper validation of a file when it is read from system flash memory. An authenticated local attacker with administrator-level privileges could exploit this by copying a crafted file to the disk0: file system. Successful exploitation allows the execution of arbitrary code with root-level privileges following a device reload, which can alter system behavior and persist across reboots.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.