Cyber Security News

Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges.

The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco ASA Software with the CiscoSSH stack enabled.

Vulnerability Details – CVE-2024-20329

The vulnerability arises from insufficient validation of user input within the Secure Shell (SSH) subsystem. An attacker could exploit this flaw by sending crafted input during remote command execution over SSH.

Successful exploitation allows the attacker to execute commands on the underlying operating system with root privileges, potentially allowing them to gain full control over the affected system. 

National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now

This vulnerability, rated with a CVSS score of 9.9, is deemed critical due to its potential impact on confidentiality, integrity, and availability. Attackers with limited user privileges could leverage this flaw to escalate their access and compromise the entire system. 

The vulnerability affects Cisco products running vulnerable releases of ASA Software with SSH access enabled on at least one interface.

To determine if your device is affected, use the command show running-config | include ssh to check for the presence of ssh stack ciscossh in the configuration. 

Cisco has released software updates to address this vulnerability. Customers are urged to upgrade to the fixed software versions as soon as possible.

A workaround for those unable to immediately apply updates involves disabling the CiscoSSH stack using the command no ssh stack ciscossh.

However, this may disrupt active SSH sessions and should be tested for compatibility within your specific environment. 

Cisco provides free software updates for customers with service contracts. Those without contracts can contact the Cisco Technical Assistance Center (TAC) for assistance in obtaining updates.

Customers must ensure their devices have sufficient memory and that new releases support current configurations.

This advisory is part of Cisco’s October 2024 semiannual security publication, including multiple ASA, FMC, and FTD Software advisories.

Users must regularly consult Cisco’s Security Advisories page for comprehensive exposure assessments and upgrade solutions.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks

The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising an…

2 minutes ago

Microsoft Resolves Group Policy Issue Blocking Windows 11 24H2 Installation

Microsoft has resolved a critical enterprise-focused bug that blocked organizations from deploying Windows 11 24H2…

9 minutes ago

DragonForce Ransomware Targets Major UK Retailers, Including Harrods, Marks & Spencer, and Co-Op

Major UK retailers including Harrods, Marks and Spencer, and Co-Op are currently experiencing significant service…

34 minutes ago

OpenAI Shifts For-Profit Branch to Public Benefit Corporation, Staying Under Nonprofit Oversight

Landmark organizational shift, OpenAI announced its transition from a capped-profit LLC to a Public Benefit…

1 hour ago

Google’s NotebookLM Introduces Voice Summaries in Over 50 Languages

Google has significantly expanded the capabilities of NotebookLM, its AI-powered research tool, by introducing Audio…

2 hours ago

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild

Google has released critical security patches for Android devices to address 57 vulnerabilities across multiple…

2 hours ago