Cisco Releases Critical ASA and FTD Fix for Active Attack

SeniorTechInfo

Oct 24, 2024

Ravie Lakshmanan

Vulnerability / Network Security

Cisco recently announced updates to fix a critical security flaw in its Adaptive Security Appliance (ASA) that is being actively exploited and could lead to a denial-of-service (DoS) condition.

The vulnerability, identified as CVE-2024-20481 with a CVSS score of 5.8, impacts the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

Caused by resource exhaustion, the flaw could be leveraged by remote, unauthenticated attackers to launch a DoS attack on the RAVPN service.

Cisco explained, “An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device, resulting in resource exhaustion and a DoS of the RAVPN service.”

To restore the RAVPN service, a device reload might be necessary based on the attack’s impact, according to Cisco.

Although there aren’t specific workarounds for CVE-2024-20481, Cisco recommends taking measures such as enabling logging, configuring threat detection for remote access VPN services, implementing hardening steps like disabling AAA authentication, and blocking unauthorized connection attempts manually.

Interestingly, threat actors have already exploited this flaw in a widespread brute-force campaign targeting VPNs and SSH services. Cisco Talos observed a surge in such attacks since March 18, 2024, originating from TOR exit nodes and various anonymizing tunnels.
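The logging recommendation and the distributed nature of the campaign can be tied together in a small detection routine. The Python below is an added example, not Cisco's code and not part of the original article. It assumes timestamped ASA syslog with the rejected-authentication message IDs 113005 and 113015; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# ASA syslog IDs for rejected logins: 113005 (AAA server), 113015 (local database).
REJECT = re.compile(
    r"(?P<ts>\w{3} +\d+ \d{4} \d{2}:\d{2}:\d{2}).*?%ASA-\d-(?:113005|113015): "
    r".*?user = (?P<user>.*?) ?: user IP = (?P<ip>[0-9a-fA-F.:]+)")

def parse_rejections(lines):
    """Yield (timestamp, source_ip, username) for each rejected authentication."""
    for line in lines:
        m = REJECT.search(line)
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
            yield ts, m["ip"], m["user"].strip()

def detect_flood(lines, window_s=60, per_ip=5, total=10):
    """Slide a time window over rejections; report noisy sources and the overall peak.

    Thresholds are illustrative assumptions, to be tuned against normal login volume.
    """
    window, noisy_ips, peak = deque(), set(), 0
    for ts, ip, _user in sorted(parse_rejections(lines)):
        window.append((ts, ip))
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()
        counts = Counter(src for _, src in window)
        noisy_ips.update(src for src, n in counts.items() if n >= per_ip)
        peak = max(peak, len(window))  # all sources combined
    return {"noisy_ips": sorted(noisy_ips), "aggregate_peak": peak,
            "aggregate_alert": peak >= total}

# Constructed sample: one source retrying quickly, then eight sources trying once each.
SAMPLE = [f"Oct 24 2024 10:00:{s:02d}: %ASA-6-113005: AAA user authentication Rejected : "
          f"reason = AAA failure : server = 192.0.2.10 : user = admin : user IP = 203.0.113.7"
          for s in range(0, 12, 2)]
SAMPLE += [f"Oct 24 2024 10:00:{20 + n:02d}: %ASA-6-113015: AAA user authentication Rejected : "
           f"reason = Invalid password : local database : user = user{n} : "
           f"user IP = 198.51.100.{n}" for n in range(1, 9)]
SAMPLE.append("Oct 24 2024 10:00:40: %ASA-5-111008: User 'enable_15' executed the 'show version' command.")

if __name__ == "__main__":
    print(detect_flood(SAMPLE))
```

The eight single-attempt sources never reach the per-source threshold; only the aggregate count exposes them, which matters when attempts arrive through many anonymizing exit points.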

Cisco has also issued patches to fix three other critical flaws in FTD Software, Secure Firewall Management Center (FMC) Software, and ASA, respectively:

  • CVE-2024-20412 (CVSS score: 9.3) – Static accounts with hard-coded passwords vulnerability in FTD Software for Cisco Firepower series
  • CVE-2024-20424 (CVSS score: 9.9) – Insufficient input validation of HTTP requests in FMC Software
  • CVE-2024-20329 (CVSS score: 9.9) – Insufficient validation of user input in the SSH subsystem of ASA

Given the rising trend of nation-state cyber threats, it’s crucial for users to promptly apply the latest security updates available for networking devices.
