gally
Luxembourg
CIRCL
MISP
3 contributions
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
3 months ago
CVE-2024-20353 is a denial-of-service vulnerability that allows a remote, unauthenticated attacker to cause the device to reload unexpectedly. CVE-2024-20358 is a command injection vulnerability that allows a local, authenticated attacker with Administrator-level privileges to run arbitrary commands as root on the underlying device operating system. CVE-2024-20359 is similar: an arbitrary code execution vulnerability that allows a local, authenticated attacker with Administrator-level privileges to execute arbitrary code as root on the underlying device operating system.
Cisco Smart Licensing Utility
6 months ago
Two critical vulnerabilities in Cisco's Smart Licensing Utility allow remote, unauthenticated attackers to gain privileges or access sensitive data.
Vulnerabilities:
- CVE-2024-20439 (CVSS: 9.8): An undocumented static admin account can be exploited to access affected systems.
- CVE-2024-20440 (CVSS: 7.5): An overly verbose debug log can be exploited via a crafted HTTP request, exposing API credentials.
⚠️ These issues are only exploitable if the licensing utility is actively running. Cisco strongly advises updating systems to mitigate these threats.
Zyxel security advisory for multiple vulnerabilities in firewalls
6 months ago
Zyxel has released patches addressing multiple vulnerabilities in some firewall versions. Users are advised to install the patches for optimal protection.
Firewall series | CVE-2024-6343 | CVE-2024-7203 | CVE-2024-42057 | CVE-2024-42058 | CVE-2024-42059 | CVE-2024-42060 | CVE-2024-42061 | Patch availability |
---|---|---|---|---|---|---|---|---|
ATP | ZLD V4.32 to V5.38 | ZLD V4.60 to V5.38 | ZLD V4.32 to V5.38 | ZLD V4.32 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.32 to V5.38 | ZLD V4.32 to V5.38 | ZLD V5.39 |
USG FLEX | ZLD V4.50 to V5.38 | ZLD V4.60 to V5.38 | ZLD V4.50 to V5.38 | ZLD V4.50 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.50 to V5.38 | ZLD V4.50 to V5.38 | ZLD V5.39 |
USG FLEX 50(W)/USG20(W)-VPN | ZLD V4.16 to V5.38 | Not affected | ZLD V4.16 to V5.38 | ZLD V4.20 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.16 to V5.38 | ZLD V4.16 to V5.38 | ZLD V5.39 |