October 24, 2024 at 02:13PM
Cisco addressed a denial of service vulnerability (CVE-2024-20481) affecting its ASA and FTD software, discovered during large-scale brute-force attacks. This flaw allows unauthenticated remote attackers to exhaust resources of the RAVPN service. Cisco also issued advisories for 42 other vulnerabilities, urging immediate patching.
### Meeting Takeaways
1. **Vulnerability Fix:**
– Cisco has addressed a denial of service (DoS) vulnerability (CVE-2024-20481) affecting its ASA and Firepower Threat Defense (FTD) software, which was identified during brute force attacks in April.
– This flaw allows unauthenticated attackers to potentially exhaust resources on the RAVPN service through excessive VPN authentication requests.
2. **Affected Devices:**
– The vulnerability impacts all versions of Cisco ASA and FTD software prior to the latest updates.
– It can only be exploited if the Remote Access VPN (RAVPN) service is enabled on devices.
3. **Administrative Actions:**
– Administrators can check if the RAVPN service is enabled using the command:
“`
firewall# show running-config webvpn | include ^ enable
“`
– If there is no output, the RAVPN service is not enabled.
4. **Context of Discovery:**
– The flaw was discovered amid widespread brute-force attacks targeting various VPN services, including those from Cisco, Checkpoint, Fortinet, SonicWall, and others.
5. **Other Cisco Vulnerabilities:**
– Cisco released 37 security advisories for 42 vulnerabilities across multiple products, including three critical vulnerabilities (CVSS scores: 9.3 to 9.9).
– Key vulnerabilities include:
– **CVE-2024-20424:** Command injection flaw in Cisco FMC software.
– **CVE-2024-20329:** Remote command injection in Cisco ASA due to insufficient input validation.
– **CVE-2024-20412:** Static credentials vulnerabilities in Firepower devices.
6. **Recommended Actions for Other Vulnerabilities:**
– **For CVE-2024-20429:** No workarounds provided.
– **For CVE-2024-20329:** Suggested to disable the vulnerable CiscoSSH stack.
– **For CVE-2024-20412:** Workarounds available via Cisco’s Technical Assistance Center; administrators advised to monitor for signs of exploitation using specified commands.
7. **Patching and Monitoring:**
– Immediate patching is recommended for all critical vulnerabilities.
– Suggested monitoring practices include reviewing logs for unusual activities for vulnerabilities without provided detection methods (CVE-2024-20424 and CVE-2024-20329).
8. **Update Availability:**
– Updates for all identified vulnerabilities can be found using the Cisco Software Checker tool.
Ensure your systems are updated and secure against these vulnerabilities promptly.