Cisco said on Wednesday that it has released updates to address a widely used security flaw in the Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition.
Vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA software and Cisco Firepower Threat Defense (FTD).
A security issue caused by resource exhaustion can be exploited by unauthenticated remote attackers to cause a DoS of the RAVPN service.
“An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco said. said in the advisory. “A successful exploit could allow an attacker to exhaust resources, resulting in a DoS of the RAVPN service on a compromised device.”
Restoring RAVPN service may require a device reboot depending on the effects of the attack, the networking equipment company added.
While there are no direct workarounds to address CVE-2024-20481, Cisco said customers can follow the recommendations resist password spraying attacks –
- Enable recording
- Configure threat detection for remote access VPN services
- Take enforcement measures such as disabling AAA authentication and
- Manually block connection attempts from unauthorized sources
Notably, the flaw was exploited in a malicious context by threat actors in a large-scale brute force campaign targeting VPN and SSH services.
Earlier this April, Cisco Talos marked with a flag since March 18, 2024, a surge in brute-force attacks against virtual private network (VPN) services, web application authentication interfaces, and SSH services.
These attacks exposed a wide range of hardware from various companies, including Cisco, Check Point, Fortinet, SonicWall, MikroTik, Draytek and Ubiquiti.
“Brude-force attempts use common usernames and real usernames for specific organizations,” Talos noted at the time. “All of these attacks appear to originate from TOR exit nodes and a number of other anonymous tunnels and proxies.”
Cisco has also released patches to address three other critical vulnerabilities in the FTD software, Secure Firewall Management Center (FMC) software, and Adaptive Security Appliance (ASA) respectively –
- CVE-2024-20412 (CVSS Score: 9.3) – A static credentials vulnerability with hardcoded passwords exists in the FTD software for the Cisco Firepower 1000, 2100, 3100, and 4200 series, which could allow an unauthenticated local attacker to gain access to a compromised system using static credentials .
- CVE-2024-20424 (CVSS Score: 9.9) – Insufficient validation of incoming HTTP requests, a vulnerability in the FMC software management web interface that could allow an authenticated, remote attacker to execute arbitrary commands on the host operating system as the root user
- CVE-2024-20329 (CVSS Score: 9.9) – Insufficient validation of a user input vulnerability in the ASA’s SSH subsystem could allow an authenticated, remote attacker to execute operating system commands as root
With security vulnerabilities in network devices becoming the focus of nation-state exploitation, it is critical that users apply the latest patches quickly.
