The NCSC advises organisations who use Cisco Firewall to take immediate action to mitigate vulnerabilities affecting Cisco devices running Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software (CVE-2024-20353, CVE-2024-20358, CVE-2024-20359) and follow the latest vendor advice.
The NCSC has also issued a joint advisory and two malware analysis reports to help network defenders detect and mitigate malicious activity associated with these vulnerabilities.
Information for this blog was sourced from ncsc.gov.uk.
What has happened to Cisco Firewall?
Cisco has published advisories detailing three vulnerabilities affecting its ASA and FTD devices.
Cisco is aware of active exploitation of CVE-2024-20353 and CVE-2024-20359.
CVE-2024-20353: A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software could allow an unauthenticated remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20358: A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality available in Cisco ASA Software and Firepower Threat Defense (FTD) software could allow an authenticated local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
CVE-2024-20359: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins which has been available in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) software could allow an authenticated local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
The NCSC will continue to monitor for any impact of these vulnerabilities on UK organisations.
Who is affected?
Organisations using Cisco ASA or Cisco FTD. No specific configuration is required.
Cisco FTD is only affected by CVE-2024-20358 when lockdown mode is enabled to restrict Linux shell access. Note that lockdown mode is disabled by default.
Exploitation of Cisco Firewall
Cisco is aware that CVE-2024-20353 and CVE-2024-20359 are being actively exploited.
The NCSC has also issued a joint advisory and two malware analysis reports to help network defenders detect and mitigate malicious activity associated with these vulnerabilities.
What should I do?
The NCSC recommends following vendor best practice advice to mitigate these vulnerabilities. In this case, if you use Cisco ASA or Cisco FTD, you should take these priority actions:
Monitor the vendor advisory and install the security update once it is available for your version.
Carry out continuous monitoring and threat hunting activities.
If you believe you have been compromised, you should contact Cisco PSIRT and if you are in the UK, also report it to the NCSC.