Severity Level: High
Title:
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
Timestamp:
Wednesday April 24, 2024
Summary:
Cisco has released security updates to address the exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. These vulnerabilities, CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358, could allow a cyber threat actor to take control of an affected system.
Cisco has reported active exploitation of CVE-2024-20353 and CVE-2024-20359. These vulnerabilities allow unauthenticated remote attackers to exploit them and potentially gain persistence on affected devices. This campaign, dubbed ArcaneDoor by Cisco, has been actively exploited by state-sponsored actors since at least November 2023.
Affected System:
Cisco Adaptive Security Appliance (ASA) Software
Cisco Firepower Threat Defense (FTD) Software
Recommendations:
Refer Cisco Advisory
Follow the recommended ,,, Click here
References:
For references , Click here