Tuesday, November 12, 2024
HomeCiscoAuthorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs

Authorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs

Published on

Malware protection

In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices.

Background on the Cyber Threat

The Canadian Centre for Cyber Security and its international counterparts have been monitoring a series of cyber-attacks since early 2024.

These incidents have primarily affected CISCO ASA devices, specifically the ASA55xx series running firmware versions 9.12 and 9.14.

- Advertisement - SIEM as a Service

The attacks believed to be espionage efforts by a state-sponsored actor, have not shown signs of prepositioning for a disruptive or destructive network attack.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

However, the level of sophistication observed is a cause for concern.

CVE Details and Impact

CVE-2024-20359

The first vulnerability identified is CVE-2024-20359, allowing persistent local code execution.

This flaw enables attackers to maintain a presence on the affected device even after it has been rebooted.

CVE-2024-20353

The second vulnerability, CVE-2024-20353, can lead to a denial of service within the Cisco Adaptive Security Appliance and Firepower Threat Defense Software’s web services.

This vulnerability could be exploited to disrupt operations and deny access to network resources.

Malicious actors have exploited both vulnerabilities to gain unauthorized access through WebVPN sessions, often associated with Clientless SSLVPN services.

The agencies have not disclosed any specific hacker groups involved, but the capabilities point to a well-resourced and sophisticated actor.

Exploiting these vulnerabilities poses a significant risk to organizations that rely on the affected CISCO ASA VPN devices.

Unauthorized access to these devices can lead to data breaches, espionage, and potentially a foothold for future attacks against critical infrastructure.

Mitigation Strategies

In response to these threats, the advisory encourages organizations to:

  • Review logs for unknown, unexpected, or unauthorized device access or changes.
  • Update affected devices to the latest firmware versions as soon as possible.
  • Visit the Cisco Security Advisories portal and the Cisco Talos Blog for additional information and guidance on mitigation.
  • Implement network segmentation and access control lists to limit the traffic allowed to and from the affected devices.
  • Employ multi-factor authentication to access VPNs and reduce the risk of unauthorized access.

The alert serves as a reminder of the ever-present cyber threats facing organizations and the importance of maintaining robust cybersecurity practices.

As the situation develops, further updates and recommendations are expected to be issued by the involved cybersecurity agencies.

Update: Cisco has released updates for Zero Day vulnerabilities; more details can be found here.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...