Cisco Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.

Notes:

CVE-2024-20353 and CVE-2024-20359 are being exploited in the wild. CVE-2024-20353 required users enabling SSL listen sockets on any TCP port to be exploited. CVE-2024-20359 required a user who have at least resource administrator role privilege to perform critical actions. Hence, the risk level is rated as High Risk.

Impact

• Remote Code Execution
• Denial of Service

System / Technologies affected

• Cisco ASA Software
• Cisco FTD Software

Please refer to the link below for detail:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm

Vulnerability Identifier

• CVE-2024-20353
• CVE-2024-20358
• CVE-2024-20359

Source

• Cisco

Related Link

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm