Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign


Cisco on Wednesday announced patches for multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an exploited flaw.

Tracked as CVE-2024-20481 (CVSS score of 5.8), the exploited issue affects the Remote Access VPN (RAVPN) service of ASA and FTD and could allow remote, unauthenticated attackers to cause a denial-of-service (DoS) condition.

“This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco explains in its advisory.

Only devices running a vulnerable ASA or FTD release with the RAVPN service enabled are affected, Cisco says, noting that it is aware of in-the-wild exploitation of the vulnerability.

Cisco says the observed attacks are related to the large-scale brute-force campaign targeting multiple VPN and SSH services that it flagged in April 2024. Those attacks target not only Cisco products, but also Check Point, Fortinet, SonicWall, MikroTik, DrayTek, and Ubiquiti devices.
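The campaign described above is visible on the victim side as a burst of rejected VPN authentications from a small set of source addresses. The following is an added example, not code from the article or from Cisco, showing how such a burst can be picked out of ASA syslog. It assumes the general shape of the ASA AAA rejection messages 113005 and 113015 ("AAA user authentication Rejected ... user = X : user IP = Y"); the log lines, hostnames, users, addresses and times are constructed for the example, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real telemetry. Lines follow the general shape
# of ASA AAA rejection syslogs (message IDs 113005 and 113015); the host,
# users, addresses and times are made up. One unrelated 302013 line is
# included to show that other message IDs are ignored.
ASSUMED_YEAR = 2024  # syslog timestamps have no year; assumed for parsing

SAMPLE_LOG = """\
Oct 23 10:00:01 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 203.0.113.10
Oct 23 10:00:04 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 203.0.113.10
Oct 23 10:00:07 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = guest : user IP = 203.0.113.10
Oct 23 10:00:11 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = cisco : user IP = 203.0.113.10
Oct 23 10:00:15 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = vpn : user IP = 203.0.113.10
Oct 23 10:00:20 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = user1 : user IP = 203.0.113.10
Oct 23 10:02:30 fw1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/51234 (198.51.100.7/51234) to identity:192.0.2.1/443 (192.0.2.1/443)
Oct 23 10:05:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = vpnuser : user IP = 203.0.113.55
Oct 23 10:05:10 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = vpnuser : user IP = 203.0.113.55
Oct 23 10:05:20 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = vpnuser : user IP = 203.0.113.55
Oct 23 10:05:30 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = vpnuser : user IP = 203.0.113.55
Oct 23 10:05:40 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = vpnuser : user IP = 203.0.113.55
Oct 23 10:10:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
Oct 23 10:30:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
"""

# Matches only the two AAA rejection message IDs; everything else is skipped.
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"%ASA-\d-(?:113005|113015): AAA user authentication Rejected : "
    r".*?user = (?P<user>\S+) : user IP = (?P<ip>\S+)\s*$"
)


def parse_rejections(text):
    """Return a list of (timestamp, username, source_ip) for each rejection line."""
    events = []
    for line in text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs whose peak rejection count inside any sliding window of
    length `window` reaches `threshold`. The pattern is classified by username
    diversity: many distinct users from one source looks like a password spray,
    one user hit repeatedly looks like a classic credential brute force."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    hits = {}
    for ip, items in by_ip.items():
        items.sort()
        peak, start = 0, 0
        for end in range(len(items)):
            # advance the left edge until the window no longer exceeds `window`
            while items[end][0] - items[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        users = {u for _, u in items}
        hits[ip] = {
            "peak": peak,
            "total": len(items),
            "users": sorted(users),
            "first": items[0][0],
            "last": items[-1][0],
            "pattern": "password spray" if len(users) > 1 else "credential brute force",
        }
    return hits


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_rejections(SAMPLE_LOG)).items():
        print(f"{ip}: {info['pattern']}, peak {info['peak']} rejections per window, "
              f"{info['total']} total, users={info['users']}")
```

The sliding window matters more than a raw count: a source that fails twice an hour apart is a user mistyping a password, while the same two addresses above produce five or six rejections in well under a minute. Tune the threshold and window to the normal failure rate of the device, and feed the flagged addresses into whatever blocking or rate-limiting mechanism the firewall supports.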

Cisco published the advisory for CVE-2024-20481 as part of its October 2024 semiannual ASA, FMC, and FTD security advisory bundled publication, which details 50 other flaws, including three critical issues, but says it is not aware of any of them being exploited in attacks.

However, the tech giant warns that proof-of-concept code has been released for CVE-2024-20377, CVE-2024-20387, and CVE-2024-20388, three information disclosure defects in FMC.

Affecting ASA and tracked as CVE-2024-20329 (CVSS score of 9.9), the first critical bug could allow an authenticated, remote attacker to execute OS commands with root privileges over SSH, gaining complete control over the system.


The FMC security defect, tracked as CVE-2024-20424 (CVSS score of 9.9), stems from insufficient validation of certain HTTP requests; an authenticated, remote attacker could send crafted HTTP requests to execute arbitrary commands with root privileges on the underlying operating system of affected devices.

Impacting Cisco’s Firepower 1000, 2100, 3100, and 4200 series firewalls, the critical flaw in FTD is tracked as CVE-2024-20412 (CVSS score of 9.3) and allows a local, unauthenticated attacker to log in to the command line interface of an affected device using static credentials.

Cisco also released patches for 10 high-severity vulnerabilities in FTD, more than half of which also affected ASA. Another high-severity flaw was resolved in Adaptive Security Virtual Appliance (ASAv) and Secure Firewall Threat Defense Virtual (FTDv).

Except for a bug in the VPN web server of ASA and FTD that could lead to arbitrary code execution with root privileges, the remaining high-severity issues could be exploited to create DoS conditions.

The remaining advisories in Cisco’s semiannual bundled publication describe 33 medium-severity flaws in ASA, FMC, and FTD. One further informational advisory warns of an issue with a Vulnerability Database (VDB) release for FTD that could cause the Snort detection engine to restart unexpectedly.

On Wednesday, Cisco also announced patches for a medium-severity flaw in the IKEv2 processing of Secure Client Software that could allow a remote, unauthenticated attacker to cause a DoS condition.

Organizations are advised to apply Cisco’s patches as soon as possible. Additional information can be found on Cisco’s security advisories page.

Related: Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

Related: Cisco Confirms Security Incident After Hacker Offers to Sell Data

Related: Cisco Releases Guides for Analyzing Compromised Devices

Related: Cisco Patches High Severity Flaws in HyperFlex, Prime Infrastructure
