CVE-2024-20435
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-20435
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
带着不必要的权限执行
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco AsyncOS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco AsyncOS是美国思科(Cisco)公司的一款应用于思科设备的操作系统。 Cisco AsyncOS存在安全漏洞,该漏洞源于对用户提供的CLI输入验证不足,允许经过身份验证的本地攻击者执行任意命令并将权限提升到root。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Secure Web Appliance | 11.7.0-406 | - |
II. Public POCs for CVE-2024-20435
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-20435
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2024-07-17 · 10 CVEs total
| CVE-2024-20419 | 10.0 CRITICAL | Cisco Smart Software Manager On-Prem 安全漏洞 |
| CVE-2024-20401 | 9.8 CRITICAL | Cisco Secure Email 安全漏洞 |
| CVE-2024-20323 | 7.5 HIGH | Cisco Intelligent Node 安全漏洞 |
| CVE-2024-20416 | 6.5 MEDIUM | Cisco RV340 和 Cisco RV345 安全漏洞 |
| CVE-2024-20429 | 6.5 MEDIUM | Cisco Secure Email 安全漏洞 |
| CVE-2024-20395 | 6.4 MEDIUM | Cisco Webex 安全漏洞 |
| CVE-2024-20396 | 5.3 MEDIUM | Cisco Webex 安全漏洞 |
| CVE-2024-20296 | 4.7 MEDIUM | Cisco Identity Services Engine 安全漏洞 |
| CVE-2024-20400 | 4.7 MEDIUM | Cisco Expressway Series 安全漏洞 |
IV. Related Vulnerabilities
Same product: Cisco Secure Web Appliance
- CVE-2026-20152
Cisco Secure Web Appliance Authentication Service Traffic By - CVE-2026-20056
Cisco Secure Web Appliance TBD Bypass Vulnerability - CVE-2025-20183
Cisco Secure Web Appliance Range Request Bypass Vulnerabilit - CVE-2022-20871
Cisco Secure Web Appliance Privilege Escalation Vulnerabilit - CVE-2024-20256
Cisco AsyncOS 安全漏洞
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-250
- CVE-2026-42088
OpenC3 COSMOS: Administrative Actions via the Script Runner - CVE-2026-40550
Privilege Escalation in mpGabinet - CVE-2026-25908
Dell Alienware Command Center 安全漏洞 - CVE-2026-4667
HP System Optimizer - Escalation of Privilege - CVE-2026-33793
Junos OS and Junos OS Evolved: When an unsigned Python op sc
V. Comments for CVE-2024-20435
No comments yet