Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability

infosecbulletin Friday , October 25 2024 Vulnerabilities

Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being exploited and could cause a denial-of-service (DoS) condition.

CVE-2024-20481 (CVSS score: 5.8) is A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.

This vulnerability stems from resource exhaustion. An attacker can exploit it by sending many VPN authentication requests to the device, potentially causing a denial of service (DoS) for the RAVPN service. In some cases, the device may need to be rebooted to restore the service. Other services unrelated to VPN are not affected.

“An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco said in an advisory. “A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device.”

Earlier this April, Cisco Talos reported an increase in brute-force attacks on VPN services, web application logins, and SSH services since March 18, 2024.

These attacks targeted various equipment from companies like Cisco, Check Point, Fortinet, SonicWall, MikroTik, Draytek, and Ubiquiti.

“The brute-forcing attempts use generic usernames and valid usernames for specific organizations,” Talos noted at the time. “These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies.”

Cisco has also released patches to remediate three other critical flaws in FTD Software, Secure Firewall Management Center (FMC) Software, and Adaptive Security Appliance (ASA), respectively.