Cisco RAVPN Vulnerability to DoS Attacks

CVE-2024-20481

5.8MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Adaptive Security Appliance (asa) Software
Cisco Firepower Threat Defense Software
Vendor
CVE Published:
23 October 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ¦… CISA ReportedπŸ“° News Worthy

Summary

The first article discusses a vulnerability in Cisco's Remote Access VPN (RAVPN) service, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on the affected device. This vulnerability is being actively exploited by malicious actors and could potentially disrupt critical security functions. The second article adds two new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including the Cisco ASA and FTD Denial-of-Service Vulnerability and the Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability. These vulnerabilities pose significant risks as they are actively exploited in the wild. The third article confirms that the Cisco ASA and FTD vulnerability is being exploited in brute-force attacks, which involve overwhelming the vulnerable devices with VPN authentication requests to gain unauthorized network access and potentially lead to denial of service conditions on the VPN. Cisco has released software updates to patch the vulnerability, and the US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to prioritize remediating these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-20481 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software = 9.8.1

Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.5

Cisco Adaptive Security Appliance (ASA) Software = 9.8.1.7

News Articles

CISA Warns of Cisco ASA & Roundcube Vulnerabilities Exploited in Wild

(CISA has announced the addition of two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

2 months ago

Cisco fixes bug under exploit in brute-force attacks

Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service...

2 months ago

Cisco ASA and FTD zero day used in password spraying attacks | Tech...

Another Cisco ASA and FTD vulnerability was disclosed on Wednesday. Organizations are urged to patch as its under active exploitation.

2 months ago

References

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • πŸ“°

    First article discovered by Security Affairs

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseCISA Database4 News Article(s)
.