Emergency patch: Cisco fixes bug under exploit in brute-force attacks

October 24, 2024 at 02:26PM

Cisco has patched a medium-severity security flaw (CVE-2024-20481) in its ASA and FTD software, exploited through brute-force attacks leading to resource exhaustion in devices with remote access VPN enabled. The vulnerability is included in CISA’s Known Exploited Vulnerabilities Catalog, and Cisco urges users to apply updates promptly.

Cisco fixes VPN DoS flaw discovered in password spray attacks

October 24, 2024 at 02:13PM

Cisco addressed a denial of service vulnerability (CVE-2024-20481) affecting its ASA and FTD software, discovered during large-scale brute-force attacks. This flaw allows unauthenticated remote attackers to exhaust resources of the RAVPN service. Cisco also issued advisories for 42 other vulnerabilities, urging immediate patching.

Cisco ASA, FTD Software Under Active VPN Exploitation

October 24, 2024 at 11:59AM

Cisco has quickly released a patch for a medium-severity DoS vulnerability (CVE-2024-20481) in its VPN software, which is actively exploited. The flaw allows attackers to overload the system with authentication requests. Cisco advises updating software and implementing security measures to mitigate risks, as no workarounds are available.

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

October 24, 2024 at 09:03AM

Cisco released updates for a critical security flaw (CVE-2024-20481) in its Adaptive Security Appliance, impacting the Remote Access VPN service. Exploitation may cause a denial-of-service (DoS). Cisco advises enabling logging and threat detection as preventive measures against brute-force attacks, while also addressing three additional vulnerabilities in its software.