{"uuid": "962f5ff4-ae56-4520-adb8-e645b1370d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20435", "type": "seen", "source": "https://t.me/MrVGunz/1251", "content": "\ud83d\udccd \u062e\u0644\u0627\u0635\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2024-20435\n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc CVE-2024-20435 \u062f\u0631 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 (#CLI) \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 #Cisco AsyncOS \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0648\u0628 (#Secure Web Appliance) \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 #\u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u062d\u0644\u06cc \u0628\u0627 #\u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0639\u062a\u0628\u0631 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0631\u062f\u0647 \u0648 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0628\u0627\u0644\u0627\u062a\u0631\u06cc\u0646 \u0633\u0637\u062d (#root) \u0627\u0631\u062a\u0642\u0627 \u062f\u0647\u0646\u062f.\n\n\u0631\u06cc\u0634\u0647 \u0645\u0634\u06a9\u0644:\n\u0636\u0639\u0641 \u0627\u0635\u0644\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u0639\u062f\u0645 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u06a9\u0627\u0641\u06cc \u0648\u0631\u0648\u062f\u06cc\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 \u062f\u0631 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0627\u0645\u0631 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0648\u0627\u0631\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0648\u0631 \u062e\u0627\u0635\u06cc\u060c \u0627\u0632 \u0627\u06cc\u0646 \u0646\u0642\u0635 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u0646\u062f.\n\n\u0634\u0631\u0627\u06cc\u0637 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc:\n\u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0648\u0641\u0642 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u0645\u0647\u0627\u062c\u0645 \u062a\u0646\u0647\u0627 \u0628\u0647 \u06cc\u06a9 \u062d\u0633\u0627\u0628 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0628\u0627 \u062d\u062f\u0627\u0642\u0644 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0647\u0645\u0627\u0646 \u0646\u06cc\u0627\u0632 \u062f\u0627\u0631\u062f.\n\n\u062a\u0627\u062b\u06cc\u0631:\n\u0645\u0648\u0641\u0642\u06cc\u062a \u062f\u0631 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 #\u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u062f\u0633\u062a\u06af\u0627\u0647 \u062a\u0648\u0633\u0637 \u0645\u0647\u0627\u062c\u0645 \u0634\u0648\u062f\u060c \u0627\u0632 \u062c\u0645\u0644\u0647:\n- \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647\n- \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062a\u0645\u0627\u0645 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\n- \u0627\u062e\u062a\u0644\u0627\u0644 \u062f\u0631 \u0633\u0631\u0648\u06cc\u0633\u200c\u062f\u0647\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\n\n\u062c\u0632\u0626\u06cc\u0627\u062a \u0641\u0646\u06cc:\n- \u062a\u0627\u0631\u06cc\u062e \u0627\u0646\u062a\u0634\u0627\u0631: \u06f1\u06f7 \u062c\u0648\u0644\u0627\u06cc \u06f2\u06f0\u06f2\u06f4\n- \u0646\u0645\u0631\u0647 CVSS: 8.8 (#\u0628\u062d\u0631\u0627\u0646\u06cc)\n- \u0627\u062c\u0631\u0627\u06cc \u063a\u06cc\u0631\u0636\u0631\u0648\u0631\u06cc \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0628\u06cc\u0634 \u0627\u0632 \u062d\u062f \u0644\u0627\u0632\u0645 CWE: CWE-250\n\n\u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc:\n\u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc Cisco AsyncOS \u0628\u0627\u06cc\u062f \u0647\u0631 \u0686\u0647 \u0633\u0631\u06cc\u0639\u200c\u062a\u0631 #\u0648\u0635\u0644\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0631\u0627\u0626\u0647 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Cisco \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u0646\u062f \u062a\u0627 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0645\u0627\u06cc\u0646\u062f. \u0647\u0645\u0686\u0646\u06cc\u0646\u060c \u0628\u0631\u0631\u0633\u06cc \u0645\u0646\u0638\u0645 \u0633\u06cc\u0633\u062a\u0645 \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0648 \u0631\u0641\u0639 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0627\u062d\u062a\u0645\u0627\u0644\u06cc \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://www.cvedetails.com/cve/CVE-2024-20435/\n\n\ud83d\udccd Summary of CVE-2024-20435 Vulnerability\n\nA critical vulnerability, identified as CVE-2024-20435, has been discovered in the Command Line Interface (#CLI) of the Cisco AsyncOS operating system for Secure Web Appliance devices (#Secure Web Appliance). This vulnerability allows local attackers with valid credentials to execute arbitrary commands and escalate their privileges to the highest level (#root).\n\nRoot Cause:\nThe primary weakness of this vulnerability is the insufficient validation of user inputs in the command line. This flaw enables attackers to exploit it by entering specific commands.\n\nExploitation Conditions:\nTo successfully exploit this vulnerability, an attacker only needs a user account with minimal guest-level access.\n\nImpact:\nSuccessful exploitation of this vulnerability can lead to full control of the device by the attacker, including:\n- Execution of arbitrary code\n- Access to all device data\n- Disruption of device services\n\nTechnical Details:\n- Release Date: July 17, 2024\n- CVSS Score: 8.8 (#Critical)\n- CWE: CWE-250, Unnecessary Privileges\n\nSecurity Recommendations:\nUsers of Cisco AsyncOS devices should promptly install the security patch provided by Cisco to protect against this vulnerability. Regular system checks to identify and mitigate potential vulnerabilities are also recommended.\n\n\ud83d\udd17 To read the full article, visit this site:\n\n\ud83c\udf10 https://www.cvedetails.com/cve/CVE-2024-20435/", "creation_timestamp": "2024-08-11T18:11:49.000000Z"}