Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products

Published on 25 Apr 2024

Cisco has disclosed three vulnerabilities (CVE-2024-20353, CVE-2024-20359 and CVE-2024-20358) in their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. These vulnerabilities are reportedly being actively exploited.

The vulnerabilities are:

  • CVE-2024-20353: A vulnerability in the management and VPN web servers for Cisco ASA and Cisco FTD that could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
  • CVE-2024-20359: A vulnerability in a legacy capability that allows the preloading of VPN clients and plug-ins in Cisco ASA and Cisco FTD that could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
  • CVE-2024-20358: A vulnerability in the Cisco ASA restore functionality that is available in Cisco ASA and Cisco FTD that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.

The affected product versions are:

  • FTD versions earlier than 7.0.6.2
  • ASA versions earlier than 9.16.4.57

Users and administrators are advised to upgrade their products to the latest versions immediately.
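As an added example (not part of this notice and not Cisco tooling), the following Python script flags inventory entries whose version is below the two fixed versions listed above. It assumes a constructed inventory and that ASA reports its version in `show version` output in the form 9.16(4)57; the two thresholds are the ones this notice gives, while Cisco's own advisory lists fixed releases per release train, so treat this as a first-pass check.

```python
import re

# Fixed versions exactly as this notice lists them (assumption: these two
# thresholds only; Cisco's advisory gives fixed releases per release train).
FIXED = {"ASA": (9, 16, 4, 57), "FTD": (7, 0, 6, 2)}

# Constructed sample inventory: (hostname, product, version text as collected).
INVENTORY = [
    ("fw-branch-01", "ASA", "Cisco Adaptive Security Appliance Software Version 9.16(4)55"),
    ("fw-hq-01", "ASA", "Cisco Adaptive Security Appliance Software Version 9.16(4)57"),
    ("ftd-dc-02", "FTD", "7.0.5"),
    ("ftd-dc-03", "FTD", "7.0.6.2"),
]


def parse_version(text):
    """Turn an ASA/FTD version string into a 4-tuple of ints.

    Accepts the dotted form used in this notice (9.16.4.57) and the
    parenthesised form ASA prints in 'show version' (9.16(4)57).
    Shorter dotted versions are zero-padded so that 9.16.4 < 9.16.4.57.
    """
    m = re.search(r"(\d+)\.(\d+)\((\d+)\)(\d+)", text)
    if m:
        return tuple(int(x) for x in m.groups())
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    parts = tuple(int(x) for x in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_below_fixed(product, version_text):
    """True when the device runs a version older than the listed fixed one."""
    return parse_version(version_text) < FIXED[product]


def triage(inventory):
    """Return hostnames whose version is below the listed fixed version."""
    return [host for host, product, ver in inventory if is_below_fixed(product, ver)]


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: below fixed version, schedule upgrade")
```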

More information is available here:

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response