The NCSC ("National Cyber Security Centre") has warned of 2 critical vulnerabilities in Cisco firewalls running "Adaptive Security Appliance" (ASA) and "Firepower Threat Defense" (FTD) - CVE-2024-20353, CVE-2024-20358, CVE-2024-20359.
Malicious actors are using these vulnerabilities to deploy malware, gain persistent access, execute commands, and steal data from compromised devices.
A group called "UAT4356" by Cisco and "STORM-1849" by Microsoft has been at the forefront of an espionage campaign called "ArcaneDoor", which has been exploiting these vulnerabilities since at least December 2023.
About the Vulnerabilities
CVE-2024-20353: A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software could allow an unauthenticated remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20358: A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality available in Cisco ASA Software and Firepower Threat Defense (FTD) software could allow an authenticated local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
CVE-2024-20359: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins, and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) software, could allow an authenticated local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
NetSensor clients
NetSensor technologies can protect against this and many other vulnerabilities across the entire structure, including protection for firewalls and internet routers.