InfoSecBulletin Cybersecurity for mankind
Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being exploited and could cause a denial-of-service (DoS) condition.
CVE-2024-20481 (CVSS score: 5.8) is A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
This vulnerability stems from resource exhaustion. An attacker can exploit it by sending many VPN authentication requests to the device, potentially causing a denial of service (DoS) for the RAVPN service. In some cases, the device may need to be rebooted to restore the service. Other services unrelated to VPN are not affected.
“An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco said in an advisory. “A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device.”
Earlier this April, Cisco Talos reported an increase in brute-force attacks on VPN services, web application logins, and SSH services since March 18, 2024.
These attacks targeted various equipment from companies like Cisco, Check Point, Fortinet, SonicWall, MikroTik, Draytek, and Ubiquiti.
“The brute-forcing attempts use generic usernames and valid usernames for specific organizations,” Talos noted at the time. “These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies.”
Cisco has also released patches to remediate three other critical flaws in FTD Software, Secure Firewall Management Center (FMC) Software, and Adaptive Security Appliance (ASA), respectively.
