Saturday, February 15, 2025
HomeCyber Security NewsCisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

Published on

SIEM as a Service

Follow Us on Google News

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges.

The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco ASA Software with the CiscoSSH stack enabled.

Vulnerability Details – CVE-2024-20329

The vulnerability arises from insufficient validation of user input within the Secure Shell (SSH) subsystem. An attacker could exploit this flaw by sending crafted input during remote command execution over SSH.

Successful exploitation allows the attacker to execute commands on the underlying operating system with root privileges, potentially allowing them to gain full control over the affected system. 

National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now

This vulnerability, rated with a CVSS score of 9.9, is deemed critical due to its potential impact on confidentiality, integrity, and availability. Attackers with limited user privileges could leverage this flaw to escalate their access and compromise the entire system. 

The vulnerability affects Cisco products running vulnerable releases of ASA Software with SSH access enabled on at least one interface.

To determine if your device is affected, use the command show running-config | include ssh to check for the presence of ssh stack ciscossh in the configuration. 

Cisco has released software updates to address this vulnerability. Customers are urged to upgrade to the fixed software versions as soon as possible.

A workaround for those unable to immediately apply updates involves disabling the CiscoSSH stack using the command no ssh stack ciscossh.

However, this may disrupt active SSH sessions and should be tested for compatibility within your specific environment. 

Cisco provides free software updates for customers with service contracts. Those without contracts can contact the Cisco Technical Assistance Center (TAC) for assistance in obtaining updates.

Customers must ensure their devices have sufficient memory and that new releases support current configurations.

This advisory is part of Cisco’s October 2024 semiannual security publication, including multiple ASA, FMC, and FTD Software advisories.

Users must regularly consult Cisco’s Security Advisories page for comprehensive exposure assessments and upgrade solutions.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...