Vulnerability in Cisco Adaptive Security Appliance (ASA)
1. The vulnerability allows a local user to escalate privileges on the system.
2. The issue arises from improper input validation in a legacy capability for preloading VPN clients and plug-ins.
3. A local user can exploit this by copying a crafted file to the disk0: file system of an affected device.
4. The exploit allows execution of arbitrary code with root privileges.
5. Successful exploitation results in full control of the system.
#advisorysb2024042463
#codeexecution
#cisco
#adaptivesecurityappliance
#firepowerthreatdefense
#asa
#cve202420359
#cwe94
#codeinjection
#cybersecurity
#vulnerabilitydetails
#securityadvisory
#networksecurity
#systemsecurity
#zeroday
#vulnerabilities
#exploit
#bugbounty
#pentest
#course
#online
#offline
#offensivesecurity
1. The vulnerability allows a local user to escalate privileges on the system.
2. The issue arises from improper input validation in a legacy capability for preloading VPN clients and plug-ins.
3. A local user can exploit this by copying a crafted file to the disk0: file system of an affected device.
4. The exploit allows execution of arbitrary code with root privileges.
5. Successful exploitation results in full control of the system.
#advisorysb2024042463
#codeexecution
#cisco
#adaptivesecurityappliance
#firepowerthreatdefense
#asa
#cve202420359
#cwe94
#codeinjection
#cybersecurity
#vulnerabilitydetails
#securityadvisory
#networksecurity
#systemsecurity
#zeroday
#vulnerabilities
#exploit
#bugbounty
#pentest
#course
#online
#offline
#offensivesecurity