PT-2024-5455 · Cisco · Cisco Secure Web Appliance+1

Lorenzo Grespan · Published 2024-07-17 · Updated 2025-08-08 · CVE-2024-20435

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Secure Web Appliance versions (affected versions not specified)

Description

The vulnerability stems from insufficient validation of user-supplied input in the Command Line Interface (CLI) of Cisco AsyncOS for Secure Web Appliance. It could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. The attacker needs at least guest credentials to exploit it. Exploitation involves authenticating to the system and executing a crafted command on the affected device, which could then allow the attacker to execute arbitrary commands on the underlying operating system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-06104
CVE-2024-20435

Affected Products

Cisco AsyncOS
Cisco Secure Web Appliance