Headline
Cisco ASA, FTD Software Under Active VPN Exploitation
Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco’s ASA and Firepower software.
Source: Palamarchuk via Shutterstock
Cisco has rushed a patch for a brute-force denial-of-service (DoS) vulnerability in its VPN that’s being actively exploited in the wild.
The medium-severity bug (CVE-2024-20481, CVSS 5.8) resides in the Remote Access VPN (RAVPN) found in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. If exploited, it could allow an unauthenticated, remote attacker to cause a DoS and disruptions within the RAVPN.
According to Cisco’s advisory on the flaw, the vulnerability can be exploited for resource exhaustion by sending a mass number of VPN authentication requests to an affected device, as a cyberattacker would do in an automated brute-force or password-spray attack.
“Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service,” Cisco said in its report. “Services that are not related to VPN are not affected.”
Cisco has released software updates to help mitigate the vulnerability, but it notes that there are no other workarounds for the bug.
It does provide recommendations for evading password-spray attacks, including enabling logging, configuring threat detecting for remote access VPN services, applying hardening measures, and manually blocking connection attempts from unauthorized sources.
About the Author
Related news
Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource