How severe is CVE-2024-20485?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-20485?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-20485 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Related Vulnerabilities

CVE-2017-6186

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-prot...

CWE-942017

CVE-2018-3686

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.

CWE-942018

CVE-2018-3700

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation...

CWE-942018

CVE-2020-8140

MEDIUM

CVSS:6.7(Medium)

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

CWE-942020

CVE-2021-3411

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabilit...

CWE-942021

CVE-2022-29813

MEDIUM

CVSS:6.7(Medium)

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CWE-942022