04.25.2024

Critical Cisco ASA Vulnerabilities Under Active Exploit

Alert

Date of Notice: 04/25/2024

Action Level - Critical

Description

Cisco has released updates for its ASA and FTD platforms that address multiple vulnerabilities currently being exploited in the wild. These vulnerabilities could allow attackers to execute arbitrary code, implant malware, and exfiltrate data from compromised devices. Given the serious nature of the vulnerabilities, we recommend investigating potentially impacted devices and, if you are affected, updating to a fixed version as soon as possible.

Fixed Versions

Cisco has not yet released information identifying specific fixed versions. To determine which vulnerabilities affect you and which version contains fixes for your platform, use the Cisco Software Checker linked in the Cisco Security Advisory.

Attack Vector

Varies depending on the specific vulnerability. An unauthenticated local attacker could trigger a denial of service (DoS), while an authenticated local attacker with administrator privileges could execute arbitrary commands with root-level privileges.

Attack Feasibility 

An exploit utilizing these vulnerabilities has been observed in the wild.

Mitigation

There are no known mitigations for these vulnerabilities.

Remediation

Cisco specifically recommends the following steps for their customers:

- Update to a fixed version as identified in the security advisories.

- Follow the Cisco ASA Forensic Investigation Procedures for First Responders.

- Monitor for any connections to the associated threat actor IPs and any alterations to the crash dump functionality.
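
One way to act on the connection-monitoring step above, as an added example that is not part of the original alert or Cisco's guidance: it scans ASA connection-built syslog messages (302013 for TCP, 302015 for UDP) for endpoints on a watchlist. The watchlist entries are placeholders from documentation address ranges, the log lines are constructed, and the function name `find_watchlist_hits` is hypothetical.

```python
import ipaddress
import re

# Placeholder watchlist (RFC 5737 documentation ranges). Replace with the
# indicator IPs published in the vendor advisory; CIDR entries are accepted.
WATCHLIST = ["203.0.113.45", "198.51.100.0/28"]

# Constructed sample lines in the ASA connection-built syslog format.
SAMPLE_LOG = """\
Apr 25 2024 10:01:02 fw01 : %ASA-6-302013: Built outbound TCP connection 8841 for outside:203.0.113.45/443 (203.0.113.45/443) to inside:10.1.1.20/51544 (192.0.2.10/51544)
Apr 25 2024 10:01:05 fw01 : %ASA-6-302015: Built outbound UDP connection 8842 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.1.1.20/40112 (192.0.2.10/40112)
Apr 25 2024 10:02:11 fw01 : %ASA-6-302013: Built inbound TCP connection 8850 for outside:198.51.100.7/60211 (198.51.100.7/60211) to identity:192.0.2.1/443 (192.0.2.1/443)
Apr 25 2024 10:02:30 fw01 : %ASA-5-111008: User 'admin' executed the 'show version' command.
"""

# interface:real-ip/port (mapped-ip/port) [(user)] to interface:real-ip/port
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection (?P<id>\d+) for (?P<if1>[^:\s]+):(?P<ip1>[^/\s]+)/(?P<p1>\d+) \([^)]*\)"
    r"(?: \([^)]*\))? to (?P<if2>[^:\s]+):(?P<ip2>[^/\s]+)/(?P<p2>\d+)"
)

def find_watchlist_hits(log_text, watchlist=WATCHLIST):
    """Return one record per connection endpoint that falls in the watchlist."""
    nets = [ipaddress.ip_network(w, strict=False) for w in watchlist]
    hits = []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m:
            continue  # not a connection-built message
        for key in ("ip1", "ip2"):
            try:
                addr = ipaddress.ip_address(m[key])
            except ValueError:
                continue  # a name rather than an IP literal was logged
            if any(addr.version == n.version and addr in n for n in nets):
                hits.append({"conn_id": int(m["id"]), "direction": m["dir"],
                             "proto": m["proto"], "matched_ip": str(addr),
                             "peer": m["ip2" if key == "ip1" else "ip1"]})
    return hits

if __name__ == "__main__":
    for hit in find_watchlist_hits(SAMPLE_LOG):
        print(hit)
```

The third sample line targets the `identity` interface, meaning traffic addressed to the firewall itself; a watchlist match there deserves priority when triaging.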

© 2024 MCNC