Summary
Cisco has disclosed a critical vulnerability (CVE-2024-20329) in the SSH subsystem of its Adaptive Security Appliance (ASA) Software.
This flaw allows an authenticated, remote attacker to execute operating system commands as root.
The vulnerability arises from insufficient validation of user input, enabling attackers to submit crafted input when executing remote CLI commands over SSH. Successful exploitation could grant attackers full control over the affected system.
Cisco has released software updates to address this issue.
Risks
The vulnerability poses a significant threat to organizations utilizing Cisco ASA Software with the CiscoSSH stack enabled.
An attacker with limited user privileges could exploit this flaw to gain root-level access, leading to potential data breaches, network infiltration, or deployment of malicious software.
Given the elevated privileges obtained through exploitation, the risk is particularly high for devices exposed to the internet.
Affected Versions
- To determine if the CiscoSSH stack is enabled, administrators should verify the SSH configuration in the device’s settings.
- If the configuration includes a reference to the CiscoSSH stack, the device is in a vulnerable configuration.
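One way to run this check across saved configuration backups, as an added example that is not part of the original advisory text. It assumes the reference to look for is the `ssh stack ciscossh` line in the running configuration; the device names and config excerpts are constructed.

```python
import ipaddress
import re

# Constructed running-config excerpts (not taken from real devices).
SAMPLE_CONFIGS = {
    "asa-core-02": "hostname asa-core-02\nssh timeout 5\n"
                   "ssh 10.20.0.0 255.255.0.0 mgmt\n",
    "asa-edge-01": "hostname asa-edge-01\nssh stack ciscossh\nssh timeout 5\n"
                   "ssh 0.0.0.0 0.0.0.0 outside\nssh 10.20.0.0 255.255.0.0 mgmt\n",
}

# ASA SSH allow-list entry: ssh <address> <netmask> <interface-name>
SSH_ALLOW = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def audit_config(text):
    """Report CiscoSSH stack state and SSH source restrictions for one config."""
    stack_enabled = False
    allowed = []
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: this exact line marks the CiscoSSH stack as enabled.
        # A negated "no ssh stack ciscossh" line does not match.
        if line == "ssh stack ciscossh":
            stack_enabled = True
        m = SSH_ALLOW.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            allowed.append((str(net), m.group(3)))
    # Interfaces that accept SSH from any source address.
    open_to_any = [iface for net, iface in allowed if net == "0.0.0.0/0"]
    return {"ciscossh_stack": stack_enabled, "ssh_allowed": allowed,
            "open_to_any": open_to_any}

def triage(configs):
    """Score devices: 2 = stack on and SSH open to any source, 1 = stack on, 0 = stack off."""
    scored = []
    for name, text in configs.items():
        result = audit_config(text)
        score = 0
        if result["ciscossh_stack"]:
            score = 2 if result["open_to_any"] else 1
        scored.append((name, score))
    return sorted(scored, key=lambda item: -item[1])

if __name__ == "__main__":
    for name, score in triage(SAMPLE_CONFIGS):
        print(f"{name}: priority {score}", audit_config(SAMPLE_CONFIGS[name]))
```

Devices scored 2 are the ones to patch or reconfigure first, since they combine the vulnerable configuration with unrestricted SSH reachability.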
Remediation
Cisco has released free software updates to address this vulnerability.
Additionally, as a workaround, administrators can disable the CiscoSSH stack through device configuration settings.
Note that this change will disconnect active SSH sessions and must be saved to persist across reboots.
While this workaround has been tested successfully, organizations should assess its applicability and potential impact within their specific environments.
Conclusion
Organizations using vulnerable versions of Cisco ASA Software must prioritize upgrading to the latest patched versions to mitigate the risk of exploitation. The critical nature of this vulnerability, combined with the potential for full system compromise, necessitates immediate attention from network security teams.
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy