- 126/2024
- High
- April 25, 2024
- 2:16 pm
Cisco has released security updates to fix several vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software.
The addressed vulnerabilities could allow the attacker to conduct denial of service attacks, or execute arbitrary code, and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Cisco ASA and FTD Software Web Services Denial of Service Vulnerability (CVE-2024-20353):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial Of Service
2. Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability (CVE-2024-20359):
- CVSS: 6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
It should be highlighted that Cisco is aware that the two zero-day vulnerabilities “CVE-2024-20353, CVE-2024-20359” are being exploited in the wild, and the ArcaneDoor campaign exploits them to breach government networks worldwide.
Vulnerabilities
- CVE-2024-20353
- CVE-2024-20358
- CVE-2024-20359
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.