Ethical Hacking News
Cisco has issued an urgent warning to its customers, advising them to apply a critical security patch to address a significant vulnerability in its Adaptive Security Appliance (ASA) software. The vulnerability, tracked as CVE-2024-20481, has been found to be actively exploited by threat actors and could potentially lead to a denial-of-service (DoS) condition.
Cisco has issued an urgent warning about a critical security vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) software. The vulnerability allows unauthenticated, remote attackers to send authentication requests that can cause resource exhaustion and result in a denial-of-service (DoS) condition. The vulnerabilities addressed in Cisco ASA and FTD Software are CVE-2024-20481 (CVSS score: 5.8), CVE-2024-20412 (CVSS score: 9.3), CVE-2024-20424 (CVSS score: 9.9), and CVE-2024-20329 (CVSS score: 9.9). Cisco recommends applying patches and following best practices, such as enabling logging, configuring threat detection, and manually blocking connection attempts from unauthorized sources.
According to Cisco's advisory, the vulnerability arises due to resource exhaustion in the Remote Access VPN (RAVPN) service of its ASA software. This allows an unauthenticated, remote attacker to send a large number of VPN authentication requests to an affected device, which could cause the RAVPN service to exhaust resources and result in a DoS condition.
The security flaw has already been exploited by threat actors as part of a large-scale brute-force campaign targeting VPNs, SSH services, and other software platforms. In April this year, Cisco Talos flagged a spike in brute-force attacks against Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services since March 18, 2024.
The vulnerabilities and the Cisco components they affect are:
* CVE-2024-20481 (CVSS score: 5.8): Cisco ASA RAVPN service
* CVE-2024-20412 (CVSS score: 9.3): Cisco Firepower 1000, 2100, 3100, and 4200 Series FTD Software
* CVE-2024-20424 (CVSS score: 9.9): FMC Software web-based management interface
* CVE-2024-20329 (CVSS score: 9.9): ASA SSH subsystem
Cisco has released patches to remediate these vulnerabilities and has advised its customers to apply the latest security fixes as soon as possible.
To counter this vulnerability, Cisco recommends that customers follow certain best practices:
* Enable logging
* Configure threat detection for remote access VPN services
* Apply hardening measures such as disabling AAA authentication
* Manually block connection attempts from unauthorized sources
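The "enable logging" step only helps if the resulting logs are watched for the flood of failed VPN logins described above. The following is an added example, not code from Cisco or from this article: it counts rejected AAA authentications per source address in a sliding window. The log line layout, the ISO timestamps, the threshold and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: "<ISO timestamp> %ASA-6-<id>: ... user IP = <addr>".
# 113005 / 113015 are the ASA "AAA user authentication Rejected" messages;
# check the exact text against your own software release before relying on it.
REJECT = re.compile(
    r"^(?P<ts>\S+) %ASA-\d-(?:113005|113015): AAA user authentication Rejected"
    r".*?user IP = (?P<ip>[0-9a-fA-F.:]+)"
)

def flag_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: peak_rejects_in_window} for sources at or above threshold."""
    recent = defaultdict(deque)    # ip -> timestamps of rejects inside the window
    peak = defaultdict(int)
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue               # successes and unrelated messages are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop rejects that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample: one noisy source, one user who mistyped twice."""
    base = datetime(2024, 10, 24, 10, 0, 0)
    out = []
    for i in range(8):             # 8 rejects in 40 s from 203.0.113.50
        t = (base + timedelta(seconds=5 * i)).isoformat()
        out.append(f"{t} %ASA-6-113005: AAA user authentication Rejected : "
                   f"reason = AAA failure : server = 192.0.2.10 : "
                   f"user = user{i} : user IP = 203.0.113.50")
    for s in (0, 300):             # two rejects five minutes apart
        t = (base + timedelta(seconds=s)).isoformat()
        out.append(f"{t} %ASA-6-113015: AAA user authentication Rejected : "
                   f"reason = Invalid password : local database : "
                   f"user = alice : user IP = 198.51.100.7")
    out.append(f"{base.isoformat()} %ASA-6-113004: AAA user authentication "
               f"Successful : server = 192.0.2.10 : user = bob")
    return out

if __name__ == "__main__":
    for ip, n in flag_sources(sample_log()).items():
        print(f"{ip}: {n} rejected logins within 60 s")
```

Sources returned by `flag_sources` are candidates for the manual blocking step in the list above; tune the threshold and window to the normal login failure rate of the deployment.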
It's worth noting that the emergence of nation-state sponsored attacks on networking devices has highlighted the need for organizations to stay vigilant and apply security patches quickly. In this case, Cisco has demonstrated its commitment to addressing the vulnerabilities in its software platforms.
Cisco has also released patches to remediate three other critical flaws in FTD Software, Secure Firewall Management Center (FMC) Software, and Adaptive Security Appliance (ASA), respectively - CVE-2024-20412, CVE-2024-20424, and CVE-2024-20329. These vulnerabilities have been found to affect the following Cisco software platforms:
* CVE-2024-20412: FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series
* CVE-2024-20424: FMC Software web-based management interface
* CVE-2024-20329: ASA SSH subsystem
The patches have been released to address the following vulnerabilities:
* CVE-2024-20412: Static accounts with hard-coded passwords in FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series, which could allow an unauthenticated, local attacker to access an affected system using static credentials
* CVE-2024-20424: Insufficient input validation of HTTP requests in the web-based management interface of FMC Software, which could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root
* CVE-2024-20329: Insufficient validation of user input in the SSH subsystem of ASA, which could allow an authenticated, remote attacker to execute operating system commands as root
Cisco has released patches to address these vulnerabilities and has advised customers to apply them as soon as possible.
In conclusion, Cisco has issued a critical security warning to its customers, advising them to apply a patch to address a significant vulnerability in its Adaptive Security Appliance (ASA) software. The vulnerability, tracked as CVE-2024-20481, has been found to be actively exploited by threat actors and could potentially lead to a denial-of-service (DoS) condition.
Cisco's recommendations for countermeasures include enabling logging, configuring threat detection for remote access VPN services, applying hardening measures such as disabling AAA authentication, and manually blocking connection attempts from unauthorized sources. The company has also released patches to remediate three other critical flaws in FTD Software, Secure Firewall Management Center (FMC) Software, and Adaptive Security Appliance (ASA), respectively.
The emergence of nation-state sponsored attacks on networking devices highlights the need for organizations to stay vigilant and apply security patches quickly. In this case, Cisco has demonstrated its commitment to addressing the vulnerabilities in its software platforms.
Published: Thu Oct 24 10:24:09 2024 by llama3.2 3B Q4_K_M