October 24, 2024 at 09:03AM
Cisco released updates for a critical security flaw (CVE-2024-20481) in its Adaptive Security Appliance, impacting the Remote Access VPN service. Exploitation may cause a denial-of-service (DoS). Cisco advises enabling logging and threat detection as preventive measures against brute-force attacks, while also addressing three additional vulnerabilities in its software.
### Meeting Takeaways – Vulnerability / Network Security Update
**Date:** October 24, 2024
**Presenter:** Ravie Lakshmanan
1. **Recent Security Flaw in Cisco ASA:**
– Cisco announced updates for a security vulnerability in its Adaptive Security Appliance (ASA) affecting Remote Access VPN (RAVPN) service, tracked as **CVE-2024-20481** (CVSS score: 5.8).
– The flaw could allow unauthenticated remote attackers to trigger a denial-of-service (DoS) condition by sending numerous VPN authentication requests, potentially exhausting device resources.
2. **Potential Impact:**
– Restoration of the RAVPN service may require a device reload after an attack.
3. **Mitigation Recommendations:**
– Although there are no direct workarounds for CVE-2024-20481, Cisco recommends:
  – Enabling logging
  – Configuring threat detection for RAVPN services
  – Implementing hardening measures (e.g., disabling AAA authentication)
  – Manually blocking unauthorized connection attempts
4. **Increased Brute-Force Attacks:**
– Cisco Talos reported a rise in brute-force attacks targeting VPN and SSH services, especially since March 2024, against products from various vendors including Cisco, Check Point, and others.
– The attacks use generic and valid usernames and predominantly originate from anonymizing proxies.
5. **Patches for Additional Critical Flaws:**
– Cisco has issued patches for three other critical vulnerabilities:
  – **CVE-2024-20412** (CVSS: 9.3): Static accounts with hard-coded passwords in FTD Software.
  – **CVE-2024-20424** (CVSS: 9.9): Insufficient input validation in FMC Software’s web management interface.
  – **CVE-2024-20329** (CVSS: 9.9): Insufficient user input validation in the SSH subsystem of ASA.
6. **Call to Action:**
– Users are urged to promptly apply the latest fixes, given the rising number of security vulnerabilities and related nation-state exploitation.
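
Detection logic for the brute-force pattern in items 3 and 4, added here as an example (not Cisco's or the article's code): it reads authentication-rejection syslog lines and flags source addresses that try several usernames or fail repeatedly within a short window. The message layout (modelled on ASA syslog IDs 113005 and 113015), the sample lines, the thresholds and the names `flag_sources` and `_rej` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches AAA rejection messages 113005 (AAA server) and 113015 (local database).
# The field layout is an assumption; compare it with your own device's output.
REJECT = re.compile(
    r"(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) .*%ASA-\d-(?:113005|113015): "
    r"AAA user authentication Rejected .*user = (?P<user>\S+) *: user IP = (?P<ip>\S+)"
)

def flag_sources(lines, window=timedelta(seconds=60), max_fails=5, max_users=3):
    """Return {source_ip: reason} for sources that cross a threshold within `window`."""
    recent = defaultdict(deque)  # source IP -> (timestamp, username) pairs in the window
    flagged = {}
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:  # drop rejections older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= max_users:  # many usernames from one source: spraying
            flagged.setdefault(m["ip"], f"{len(users)} usernames tried")
        elif len(q) >= max_fails:    # repeated failures on few usernames: guessing
            flagged.setdefault(m["ip"], f"{len(q)} rejections")
    return flagged

def _rej(clock, user, ip):  # builds one constructed 113005 line
    return (f"Oct 24 2024 09:{clock} fw1 : %ASA-6-113005: AAA user authentication Rejected"
            f" : reason = AAA failure : server = 192.0.2.10 : user = {user} : user IP = {ip}")

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE = sorted(
    [_rej(f"00:{s:02d}", u, "198.51.100.7")
     for s, u in ((1, "admin"), (4, "test"), (9, "guest"), (15, "vpnuser"))]
    + [_rej(f"01:{s:02d}", "bob", "198.51.100.99") for s in range(0, 50, 10)]
    + [_rej("00:05", "alice", "203.0.113.5"), _rej("10:00", "alice", "203.0.113.5")]
    + ["Oct 24 2024 09:02:00 fw1 : %ASA-6-113015: AAA user authentication Rejected : "
       "reason = Invalid password : local database : user = carol : user IP = 203.0.113.5",
       "Oct 24 2024 09:02:30 fw1 : %ASA-6-113004: AAA user authentication Successful : "
       "server = 192.0.2.10 : user = carol"]
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

The window and thresholds are illustrative and need tuning against a site's normal rate of mistyped passwords before the output is used to block addresses.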