Cisco ASA Software Vulnerability Could Lead to Denial of Service
Key Information
- Vendor
- Cisco
- Status
- Cisco Adaptive Security Appliance (asa) Software
- Cisco Firepower Threat Defense Software
- Vendor
- CVE Published:
- 24 April 2024
Badges
Summary
A critical vulnerability (CVE-2024-20353) in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. Attackers have exploited this vulnerability to install backdoors on government Cisco ASA appliances. These attacks started in November 2023, with evidence suggesting that the capability was being tested and developed as early as July 2023. The attackers used custom malware to conduct their activities, overriding the SSL VPN session establishment process and maintaining a backdoor on the compromised devices. Cisco has released patches for the vulnerabilities and advised organizations to implement them promptly. The attacker demonstrated a clear focus on espionage, and the use of zero-days and specific anti-forensic measures indicate a sophisticated state-sponsored actor. Organizations with internet-exposed Cisco ASA devices were nearly five times more likely to experience a cyber insurance claim in 2023, reinforcing the severity and impact of these attacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-20353 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.5
Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.7
News Articles
Help Net Security CVE-2024-20353CVE-2024-20359Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024 - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days
5 months ago
CybersecurityNews CVE-2024-20353CVE-2024-20359ArcaneDoor Exploiting Cisco Zero-Days To Attack Government Networks
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities which means they can affect many systems and networks in one shot.
5 months ago
Help Net Security CVE-2024-20353CVE-2024-20359Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) - Help Net Security
Attackers have used two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on government Cisco ASA appliances.
5 months ago
CVSS V3.1
Timeline
Vulnerability started trending.
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
First article discovered by Help Net Security
- 👾
Exploit exists.
Vulnerability published.
Vulnerability Reserved.