October 24, 2024 at 02:26PM
Cisco has patched a medium-severity security flaw (CVE-2024-20481) in its ASA and FTD software, exploited through brute-force attacks leading to resource exhaustion in devices with remote access VPN enabled. The vulnerability is included in CISA’s Known Exploited Vulnerabilities Catalog, and Cisco urges users to apply updates promptly.
### Meeting Takeaways:
1. **Security Flaw Identified**:
– Cisco has patched a security vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, which has been actively exploited.
2. **Details of the Vulnerability**:
– The flaw has a CVSS rating of 5.8 (medium severity) and is related to resource exhaustion.
– It primarily impacts devices with the Remote Access VPN (RAVPN) service enabled.
3. **Malicious Activities Noted**:
– Cisco is aware of malicious exploitation of this vulnerability and an increase in brute-force attacks targeting vulnerable devices.
4. **Regulatory Response**:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog.
5. **Recommended Actions**:
– Cisco has issued software updates to address the issue. Users are urged to apply these patches immediately to prevent exploitation.
– There are no workarounds for this bug, and users should follow Cisco’s guidance for upgrading FTD devices.
6. **Nature of the Attacks**:
– Attackers are utilizing brute-force methods, sending numerous VPN authentication requests to gain unauthorized access or exhaust system resources, leading to denial of service conditions.
7. **Cisco’s Ongoing Monitoring**:
– Cisco’s Talos threat intelligence team has noted a rise in VPN-targeted brute-force attacks since March, originating from TOR exit nodes and other anonymizing proxies.
8. **Mitigation Recommendations**:
– Cisco has released best practices to help protect against password-spray attacks and provided indicators of compromise in their security advisory.
### Next Steps:
– Ensure patching of Cisco devices.
– Review Cisco’s recommendations for mitigation against password-spray attacks.
– Monitor for updates from Cisco regarding the ongoing investigation into the attacks.