Cisco announced patches on Wednesday to fix a security vulnerability in its Adaptive Security Appliance (ASA) that is being actively abused and might result in a denial-of-service (DoS) scenario.
The vulnerability, identified as CVE-2024-20481 (CVSS score: 5.8), impacts Cisco Firepower Threat Defence (FTD) software and the Cisco ASA Remote Access VPN (RAVPN) service.
The security vulnerability, which results from resource exhaustion, could be used by remote, unauthenticated attackers to disrupt the RAVPN service.
“An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco said in an advisory. “A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device.”
According to the networking equipment company, depending on the severity of the attack, reloading the device might be necessary to restore the RAVPN service.
Cisco stated that although there are no direct fixes for CVE-2024-20481, users can heed its advice to prevent password spraying attacks.
It is important to note that threat actors have exploited the vulnerability in a hostile manner as part of a massive brute-force campaign that targets SSH and VPN services.
Cisco Talos reported earlier this April that since March 18, 2024, there has been an increase in brute-force assaults against web application authentication interfaces, SSH services, and Virtual Private Network (VPN) services.
Numerous pieces of equipment from various firms, such as Cisco, Check Point, Fortinet, SonicWall, MikroTik, Draytek, and Ubiquiti, were specifically targeted by these attacks.
“The brute-forcing attempts use generic usernames and valid usernames for specific organizations,” Talos noted at the time. “These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies.”
Additionally, Cisco has published patches to address three other serious defects in the Adaptive Security Appliance (ASA), Secure Firewall Management Centre (FMC) software, and FTD software, respectively.
CVE-2024-20412 (CVSS score: 9.3) – A vulnerability in the FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series that exists for static accounts with hard-coded passwords could enable a local, unauthenticated attacker to access a compromised machine using static credentials.
CVE-2024-20424 (CVSS score: 9.9) – An authenticated remote attacker could be able to run arbitrary commands on the underlying operating system as root due to a vulnerability in the web-based administration interface of FMC Software caused by inadequate input validation of HTTP requests.
CVE-2024-20329 (CVSS score: 9.9) – An inadequate user input validation flaw in the ASA’s SSH subsystem that can enable a remote, authenticated attacker to run operating system commands as root
Users must act swiftly to implement the most recent fixes because security flaws in networking equipment are becoming a focal area for nation-state exploitation.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
