Cisco ASA and FTD Privilege Escalation Vulnerability

Added April 24, 2024 • Due May 1, 2024 • CVE-2024-20359

Overdue Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) CWE-94

Description

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
https://nvd.nist.gov/vuln/detail/CVE-2024-20359

Additional Information

Catalog Version: 2025.06.02
Catalog Released: June 2, 2025
Days Until Due: 0 days
Last Updated: 4 weeks ago