Cisco ASA Software Vulnerability Could Lead to Denial of Service
CVE-2024-20353
Key Information
- Vendor: Cisco
- Affected products: Cisco Adaptive Security Appliance (ASA) Software; Cisco Firepower Threat Defense Software
- CVE Published: 24 April 2024
What is CVE-2024-20353?
CVE-2024-20353 is a vulnerability found in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. These products are integral to network security, often serving as firewalls and VPN solutions for organizations. This vulnerability allows an unauthenticated, remote attacker to send a specially crafted HTTP request to the web services of the device, potentially leading to an unexpected reload of the system. The resulting denial of service (DoS) can disrupt critical network services and impact organizational operations.
Technical Details
The vulnerability arises from inadequate error checking during the processing of HTTP headers in the management and VPN web servers associated with Cisco ASA and FTD. When an attacker exploits this weakness by sending a crafted HTTP request, it triggers a condition that causes the device to reload unexpectedly. The lack of proper validation makes it possible for attackers to manipulate the device's web server, resulting in operational failures.
Impact of the Vulnerability
- Service Disruption: The primary consequence of this vulnerability is the potential for a denial of service, causing critical network services to become unavailable. This can halt business operations that rely on these security appliances.
- Unauthorized Access Potential: While the vulnerability may not directly allow for data exfiltration, an attacker could exploit the DoS condition to create opportunities for further exploits or to establish a foothold within the network.
- Operational Risks: The repeated need to reboot the device due to crashes can lead to erratic network performance and increased strain on IT resources, as teams must constantly monitor and respond to service interruptions.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-20353 as being exploited, but it is not known to CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.5
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.7
News Articles
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024 - Help Net Security
Here's an overview of some of last week's most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days
8 months ago
ArcaneDoor Exploiting Cisco Zero-Days To Attack Government Networks
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities, which means they can affect many systems and networks in one shot.
8 months ago
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) - Help Net Security
Attackers have used two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on government Cisco ASA appliances.
8 months ago
Timeline
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- Used in Ransomware
- First article discovered by Help Net Security
- Exploit known to exist
- CISA Reported
- Vulnerability published
- Vulnerability Reserved