CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 1, 2024
CVE-2024-20359
High
EPSS 0.2%CISA KEVDescription
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.
EPSS — Exploit Probability
0.2%
Higher than 44.4% of all CVEs
Required Action
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h; https://nvd.nist.gov/vuln/detail/CVE-2024-20359
Risk Assessment
ELEVATEDIn CISA KEV
Details
- Severity
- High
- EPSS
- 0.2%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Apr 24, 2024
Added to KEV
Apr 24, 2024
Remediation Due
May 1, 2024
Affected Product
Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
View all Cisco CVEs