Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges.

The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco ASA Software with the CiscoSSH stack enabled.

Vulnerability Details – CVE-2024-20329

The vulnerability arises from insufficient validation of user input within the Secure Shell (SSH) subsystem. An attacker could exploit this flaw by sending crafted input during remote command execution over SSH.

Successful exploitation allows the attacker to execute commands on the underlying operating system with root privileges, potentially allowing them to gain full control over the affected system. 

National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now

This vulnerability, rated with a CVSS score of 9.9, is deemed critical due to its potential impact on confidentiality, integrity, and availability. Attackers with limited user privileges could leverage this flaw to escalate their access and compromise the entire system. 

The vulnerability affects Cisco products running vulnerable releases of ASA Software with SSH access enabled on at least one interface.

To determine if your device is affected, use the command show running-config | include ssh to check for the presence of ssh stack ciscossh in the configuration. 

Cisco has released software updates to address this vulnerability. Customers are urged to upgrade to the fixed software versions as soon as possible.

A workaround for those unable to immediately apply updates involves disabling the CiscoSSH stack using the command no ssh stack ciscossh.

However, this may disrupt active SSH sessions and should be tested for compatibility within your specific environment. 

Cisco provides free software updates for customers with service contracts. Those without contracts can contact the Cisco Technical Assistance Center (TAC) for assistance in obtaining updates.

Customers must ensure their devices have sufficient memory and that new releases support current configurations.

This advisory is part of Cisco’s October 2024 semiannual security publication, including multiple ASA, FMC, and FTD Software advisories.

Users must regularly consult Cisco’s Security Advisories page for comprehensive exposure assessments and upgrade solutions.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here