Source URL: https://www.theregister.com/2024/10/24/cisco_bug_brute_force/
Source: The Register
Title: Emergency patch: Cisco fixes bug under exploit in brute-force attacks
Feedly Summary: Who doesn’t love abusing buggy appliances, really?
Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks.…
AI Summary and Description: Yes
Summary: Cisco has addressed a medium-severity vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, which has been actively exploited through brute-force attacks targeting remote access VPN services. The U.S. CISA has also listed this vulnerability in its Known Exploited Vulnerabilities Catalog, emphasizing the urgency for organizations to apply the necessary patches.
Detailed Description:
Cisco’s announcement highlights a critical security concern pertaining to its ASA and FTD software, particularly related to a vulnerability that has already been exploited. Below are the key points regarding this incident:
– **Vulnerability Overview**:
– Identified as CVE-2024-20481, this security flaw is classified as medium-severity with a CVSS rating of 5.8.
– It primarily affects devices enabled with remote access VPN (RAVPN) services.
– **Exploitation and Active Threats**:
– Cisco confirmed that it is aware of ongoing attempts to exploit this vulnerability, especially through denial of service (DoS) attacks.
– The vulnerability allows attackers to launch brute-force attacks by sending numerous VPN authentication requests. Successful attacks can lead to unauthorized access and denial of service conditions.
– **Mitigation and Response**:
– CISA has warned organizations about this vulnerability by adding it to its Known Exploited Vulnerabilities Catalog, encouraging swift action to patch affected systems.
– Cisco has released software updates to address the vulnerability, urging customers to apply these patches immediately.
– **Recommendations for Security**:
– To combat the trend of password-spray attacks linked to this vulnerability, Cisco has published recommendations for enhanced security measures.
– Cisco’s threat intelligence group, Talos, noted an increase in brute-force attacks against VPNs since March, often originating from anonymized internet pathways like TOR exit nodes.
– **Implications for Professionals**:
– Security and compliance professionals should prioritize assessing the impact of CVE-2024-20481 in their infrastructure.
– Immediate patching and adherence to the recommendations from Cisco will be crucial to mitigating the risk of unauthorized access and potential service disruptions.
By keeping abreast of such vulnerabilities, organizations can foster better defense mechanisms against ongoing cyber threats, emphasizing the importance of proactive security measures.