Description:
CVE-2024-20329 is a critical vulnerability in the SSH service of Cisco Adaptive Security Appliance (ASA) software. It allows low-privileged, authenticated remote users to execute operating system commands with root privileges. The vulnerability arises from insufficient input validation in the SSH service.
CVSS Score: 9.9
Root Cause & Impact:
The vulnerability stems from improper validation of user input, which allows an authenticated attacker to inject specially crafted commands over SSH. When exploited, this flaw lets a remote, authenticated user run commands on the underlying operating system as root. A low-privilege attacker thereby gains root-level control of the device, which can expose an organisation's network to a significant risk of data theft, malware installation and further network breaches.
Affected Versions:
Vendor: Cisco
Product: Cisco Adaptive Security Appliance (ASA) Software
This affects every Cisco product running one of the vulnerable Cisco ASA Software releases listed below, when the CiscoSSH stack is enabled and SSH access is allowed on at least one interface.
Versions:
9.17.1
9.17.1.7
9.17.1.9
9.17.1.10
9.17.1.11
9.17.1.13
9.17.1.15
9.17.1.20
9.17.1.30
9.17.1.33
9.18.1
9.18.1.3
9.18.2
9.18.2.5
9.18.2.7
9.18.2.8
9.18.3
9.18.3.39
9.18.3.46
9.18.3.53
9.18.3.55
9.18.3.56
9.19.1
9.19.1.5
9.19.1.9
9.19.1.12
9.19.1.18
Steps to check whether the CiscoSSH stack is enabled:
Run the show running-config | include ssh command and verify the presence of the ssh stack ciscossh configuration line together with an SSH ACL (an ssh access line for at least one interface), as shown below:
ciscoasa# show run | include ssh
Mitigation:
Cisco released an official software update addressing this vulnerability on 2024-OCT-23.
Workaround:
Disable the CiscoSSH stack and fall back to the native SSH stack with the no ssh stack ciscossh command:
ciscoasa# conf t
ciscoasa(config)# no ssh stack ciscossh
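The check described above (CiscoSSH stack enabled plus an SSH ACL on an affected release) and the effect of the workaround can be automated when triaging many ASA devices from collected command output. The script below is an added example, not Cisco's tooling or anything from the advisory: it takes the ASA version string and the text of show running-config | include ssh, and reports whether all three exposure conditions hold. The release list is the one given above; the sample config lines are constructed for this example, and the pattern used to recognise an SSH access line (ssh <ip> <mask> <interface> or ssh <prefix>/<len> <interface>) is an assumption based on ASA syntax. Absence of the ssh stack ciscossh line is treated as "not enabled", which is how the advisory's check reads it.

```python
"""Exposure triage for CVE-2024-20329 on Cisco ASA.

Added example, not Cisco's tooling. Inputs: the ASA software version and
the output of `show running-config | include ssh`. The release set below is
copied from the advisory; the sample configs are constructed.
"""
import re

# Affected ASA releases as listed in the advisory above.
AFFECTED_RELEASES = {
    "9.17.1", "9.17.1.7", "9.17.1.9", "9.17.1.10", "9.17.1.11", "9.17.1.13",
    "9.17.1.15", "9.17.1.20", "9.17.1.30", "9.17.1.33",
    "9.18.1", "9.18.1.3", "9.18.2", "9.18.2.5", "9.18.2.7", "9.18.2.8",
    "9.18.3", "9.18.3.39", "9.18.3.46", "9.18.3.53", "9.18.3.55", "9.18.3.56",
    "9.19.1", "9.19.1.5", "9.19.1.9", "9.19.1.12", "9.19.1.18",
}

# An SSH access line (the "SSH ACL") on ASA is assumed here to have the form
# "ssh <ip> <mask> <interface>" (IPv4) or "ssh <prefix>/<len> <interface>"
# (IPv6). Lines such as "ssh timeout 5" or "ssh version 2" do not match.
SSH_ACL_RE = re.compile(
    r"^ssh\s+(?:\d{1,3}(?:\.\d{1,3}){3}\s+\d{1,3}(?:\.\d{1,3}){3}"
    r"|[0-9a-fA-F:]+/\d{1,3})\s+(\S+)\s*$"
)


def parse_ssh_config(config_text):
    """Return (ciscossh_enabled, [interfaces with SSH access]) from the
    output of `show running-config | include ssh`."""
    ciscossh = False
    interfaces = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ssh stack ciscossh":
            ciscossh = True
        elif line == "no ssh stack ciscossh":   # the advisory's workaround
            ciscossh = False
        else:
            m = SSH_ACL_RE.match(line)
            if m:
                interfaces.append(m.group(1))
    return ciscossh, interfaces


def assess_exposure(version, config_text):
    """Combine the three conditions from the advisory: affected release,
    CiscoSSH stack enabled, and SSH permitted on at least one interface."""
    ciscossh, interfaces = parse_ssh_config(config_text)
    affected_release = version.strip() in AFFECTED_RELEASES
    exposed = affected_release and ciscossh and bool(interfaces)
    if exposed:
        action = "apply the fixed release or run 'no ssh stack ciscossh'"
    elif affected_release:
        action = "update when possible; CiscoSSH stack not reachable"
    else:
        action = "release not in the affected list"
    return {
        "version": version.strip(),
        "affected_release": affected_release,
        "ciscossh_enabled": ciscossh,
        "ssh_interfaces": interfaces,
        "exposed": exposed,
        "action": action,
    }


# Constructed sample output resembling `show run | include ssh` on an
# exposed device; the addresses are documentation ranges.
BEFORE_WORKAROUND = """\
ssh stack ciscossh
ssh 192.0.2.0 255.255.255.0 management
ssh 2001:db8::/32 outside
ssh timeout 5
ssh version 2
"""

# The same device after the advisory's workaround has been applied.
AFTER_WORKAROUND = BEFORE_WORKAROUND.replace(
    "ssh stack ciscossh", "no ssh stack ciscossh")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE_WORKAROUND), ("after", AFTER_WORKAROUND)):
        r = assess_exposure("9.18.3.56", cfg)
        print(f"{label}: exposed={r['exposed']} ciscossh={r['ciscossh_enabled']} "
              f"interfaces={r['ssh_interfaces']} -> {r['action']}")
```

Feed the script real output only after confirming the format on one device, since the SSH access line pattern is an assumption; a release that is affected but has no SSH access line is reported as not exposed, yet still flagged for update, because the fix rather than the workaround is the lasting remediation.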