CVE-2024-20353

sy64

Line Runner is a Lua webshell which is persisted using novel abuse of
Cisco Adaptive Security Appliance (ASA) WebVPN customisation
functionality, assigned CVE-2024-20359

sy64

Talos
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

NCSC
https://ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-runner.pdf

sy64

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2