CVE-2024-20358— Cisco Firepower Threat Defense和Adaptive Security Appliance 操作系统命令注入漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-20358 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Cisco Firepower Threat Defense和Adaptive Security Appliance 操作系统命令注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Cisco Firepower Threat Defense(FTD)和Cisco Adaptive Security Appliance都是美国思科(Cisco)公司的产品。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。Cisco Adaptive Security Appliance是一个网络设备。用于保护各种规模的公司网络和数据中心。 Cisco Adaptive Security Appliance (ASA) 、Cisco Firepower
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2024-20358 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-20358 的情报信息
请登录查看更多情报信息。
CVE-2024-20358 厂商安全公告 (1)
同批安全公告 · Cisco · 2024-04-24 · 共 8 条
| CVE-2024-20295 | 8.8 HIGH | Cisco Integrated Management Controller 操作系统命令注入漏洞 |
| CVE-2024-20356 | 8.7 HIGH | Cisco Integrated Management Controller 操作系统命令注入漏洞 |
| CVE-2024-20353 | 8.6 HIGH | Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞 |
| CVE-2024-20313 | 7.4 HIGH | Cisco IOS XE Software 安全漏洞 |
| CVE-2024-20359 | 6.0 MEDIUM | Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞 |
| CVE-2023-20249 | 5.4 MEDIUM | Cisco TelePresence Management Suite 安全漏洞 |
| CVE-2023-20248 | Cisco TelePresence Management Suite 安全漏洞 |
IV. Related Vulnerabilities
- CVE-2026-20025
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secu - CVE-2026-20024
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secu - CVE-2026-20023
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secu - CVE-2026-20022
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secu - CVE-2026-20021
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secu
V. Comments for CVE-2024-20358
暂无评论