CVE-2024-20358

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A vulnerability in the restore functionality of Cisco ASA and Cisco Firepower Threat Defense Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. The vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.