Critical Cisco ASA Vulnerabilities Under Active Exploit
Date of Notice: 04/25/2024
Action Level - Critical
Description
Cisco has released updates to their ASA and FTD platforms addressing multiple vulnerabilities which are currently being exploited in the wild. These vulnerabilities could allow attackers to execute arbitrary code, implant malware, and exfiltrate data from compromised devices. Due to the serious nature of the vulnerabilities we recommend investigating potentially impacted devices and updating to a fixed version as soon as possible if you are affected.
Fixed Versions
Cisco has not yet released information identifying specific fixed versions. To determine which vulnerabilities you are affected by and which version contains fixes for your platform, reference the Cisco Software Checker linked in the Cisco Security Advisory
Attack Vector
Various depending on the specific vulnerability. An unauthenticated local attacker could trigger a DOS, while an authenticated local attacker with administrator privileges could execute arbitrary commands with root-level privileges.
Attack Feasibility
An exploit utilizing these vulnerabilities has been observed in the wild
Mitigation
There are no known mitigations for this vulnerability
Remediation
Cisco specifically recommends the following steps for their customers:
- Update to a fixed version as identified in the security advisories.
- Follow the Cisco ASA Forensic Investigation Procedures for First Responders.
- Monitor for any connections to the associated threat actor IPs and any alterations to the crash dump functionality.
Other Resources
Cisco Security Advisory (CVE-2024-20353)
Cisco Security Advisory (CVE-2024-20358)