CVE-2024-20359
MEDIUM CISA KEVDescription
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
CVSS v3.1 Score
6.0
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild.
Added: Apr 24, 2024
Remediation due: May 1, 2024
Weakness Type (CWE)
CWE-94
CWE-94
Affected Products
| Vendor | Product |
|---|---|
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-20359? +
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. It has a CVSS v3.1 base score of 6.0 (MEDIUM). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
How severe is CVE-2024-20359? +
CVE-2024-20359 has a CVSS v3.1 score of 6.0 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-20359? +
CVE-2024-20359 affects products from cisco, specifically: adaptive_security_appliance_software, firepower_threat_defense. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-20359? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.
Related Vulnerabilities
CVE-2026-41148
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, …
CVE-2025-22136
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including …
CVE-2025-24482
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default …
CVE-2026-41486
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types …
CVE-2026-41149
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, …
CVE-2026-45136
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude …