SecurityWeek

Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign

Cisco has released patches for multiple vulnerabilities in ASA, FMC, and FTD products, including an exploited flaw.

Cisco on Wednesday announced patches for multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an exploited flaw.

Tracked as CVE-2024-20481 (CVSS score of 5.8), the exploited issue affects the Remote Access VPN (RAVPN) service of ASA and FTD and could allow remote, unauthenticated attackers to cause a denial-of-service (DoS) condition.

“This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco explains in its advisory.

Only devices running a vulnerable ASA or FTD iteration that have the RAVPN service enabled are vulnerable, the tech giant says, noting that it is aware of the in-the-wild exploitation of the vulnerability.

The tech giant says the observed attacks are related to the large-scale brute-force campaign targeting multiple VPN and SSH services that it flagged in April 2024. These attacks target not only Cisco, but also Check Point, Fortinet, SonicWall, MikroTik, DrayTek, and Ubiquiti products.

Cisco published the advisory for CVE-2024-20481 as part of its October 2024 semiannual ASA, FMC, and FTD security advisory bundled publication, which details 50 other flaws, including three critical issues, but says it is not aware of any of them being exploited in attacks.

However, the tech giant warns that proof-of-concept code has been released for CVE-2024-20377, CVE-2024-20387, and CVE-2024-20388, three information disclosure defects in FMC.

Affecting ASA and tracked as CVE-2024-20329 (CVSS score of 9.9), the first critical bug could allow an authenticated, remote attacker to execute OS commands with root privileges over SSH, gaining complete control over the system.

The FMC security defect, tracked as CVE-2024-20424 (CVSS score of 9.9), allows an authenticated, remote attacker to send crafted HTTP requests that are not properly validated to execute arbitrary commands with root privileges on the underlying operating system of the affected devices.

Impacting Cisco’s Firepower 1000, 2100, 3100, and 4200 series firewalls, the critical flaw in FTD is tracked as CVE-2024-20412 (CVSS score of 9.3) and allows a local, unauthenticated attacker to log in to the command line interface of an affected device using static credentials.

Cisco also released patches for 10 high-severity vulnerabilities in FTD, more than half of which also affected ASA. Another high-severity flaw was resolved in Adaptive Security Virtual Appliance (ASAv) and Secure Firewall Threat Defense Virtual (FTDv).

Except for a bug in the VPN web server of ASA and FTD that could lead to arbitrary code execution with root privileges, the remaining high-severity issues could be exploited to create DoS conditions.

With the exception of one informational advisory, the remaining advisories in Cisco’s semiannual bundled publication describe 33 medium-severity flaws in ASA, FMC, and FTD. The informational advisory warns of an issue with the Vulnerability Database (VDB) release for FTD that could cause the Snort detection engine to restart unexpectedly.

On Wednesday, Cisco also announced patches for a medium-severity flaw in the IKEv2 processing of Secure Client Software that could allow a remote, unauthenticated attacker to cause a DoS condition.

Organizations are advised to apply Cisco’s patches as soon as possible. Additional information can be found on Cisco’s security advisories page.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
