Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Cisco ASA, FTD Software Under Active VPN Exploitation
Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.
1 Min Read
Source: Palamarchuk via Shutterstock
Cisco has rushed a patch for a brute-force denial-of-service (DoS) vulnerability in its VPN that's being actively exploited in the wild.
The medium-severity bug (CVE-2024-20481, CVSS 5.8) resides in the Remote Access VPN (RAVPN) found in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. If exploited, it could allow an unauthenticated, remote attacker to cause a DoS and disruptions within the RAVPN.
According to Cisco's advisory on the flaw, the vulnerability can be exploited for resource exhaustion by sending a mass number of VPN authentication requests to an affected device, as a cyberattacker would do in an automated brute-force or password-spray attack.
"Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service," Cisco said in its report. "Services that are not related to VPN are not affected."
Cisco has released software updates to help mitigate the vulnerability, but it notes that there are no other workarounds for the bug.
It does provide recommendations for evading password-spray attacks, including enabling logging, configuring threat detecting for remote access VPN services, applying hardening measures, and manually blocking connection attempts from unauthorized sources.
About the Author
You May Also Like
More Insights
