REDLEGG BLOG
Emergency Security Bulletin | RedLegg | 96Bravo

Emergency Security Bulletin - Cisco Adaptive Security Appliance And Firepower Threat Defense Software

4/24/24 4:10 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

Executive Summary

On April 24, 2024, Cisco published details related to multiple vulnerabilities (CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359) affecting users of the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products. These vulnerabilities can be exploited by both unauthenticated and authenticated users to execute code remotely and establish persistence. There are no workarounds listed for any of the vulnerabilities detailed and patching is recommended as the only form of mitigation for the affected Cisco devices. Cisco identified the aforementioned vulnerabilities while investigating devices that were compromised in customer environments as early as July 2023, though Cisco still claims to not know how the devices were initially exploited. For these reasons, Cisco recommends that their customers maintain the latest patchesand take steps to harden these types of devices which are often accessible publicly due to their placement at the edge of customer networks. If you have concerns or believe that any of the affected Cisco devices have been compromised in your environment, we recommend that you follow the guidance shared by Cisco to verify the integrity of your devices.


VULNERABILITIES

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

Identifier: CVE-2024-20353 – CVSS Score 8.6 (HIGH)
Exploit or POC: Yes (Actively Being Exploited)
Update: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability
Description: CVE-2024-20353 allows for denial of services. This vulnerability could allow an adversary to send crafted HTTP requests to a targeted web server. Authentication and user interaction are not required to successfully exploit this vulnerability. Successful exploitation of this vulnerability could allow an adversary to trigger an unexpected device reload. Subsequently, resulting in denial of service (DoS).
Mitigation recommendation: Customers should upgrade to the fixed software versions as listed in the ‘Update’ description: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability. RedLegg Action: None at this time.


Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

Identifier: CVE-2024-20358 – CVSS Score 6.0 (Medium)
Exploit or POC: No
Update: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability Description: CVE-2024-20358 allows for command injection. Authentication is required to successfully exploit this vulnerability. This vulnerability could allow an adversary to arbitrarily run code on the underlying operating system using root level privileges. This vulnerability can be exploited when a specially crafted backup file is restored on an affected device.
Mitigation recommendation: Customers should upgrade to the fixed software versions as listed in the ‘Update’ description: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability.RedLegg Action: None at this time.


Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

Identifier: CVE-2024-20359 – CVSS Score 6.0 (HIGH)
Exploit or POC: Yes (Actively Being Exploited)
Update: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability Description: CVE-2024-20359 allows for code execution. Authentication is required to successfully exploit this vulnerability. This vulnerability can be exploited by copying a specially crafted file to the disk0: file system on an affected device. The successful exploitation of this vulnerability could allow an adversary to execute code arbitrarily using root level privileges on an affected device, and thereby alter the system’s behavior.
Mitigation recommendation: Customers should upgrade to the fixed software versions as listed in the ‘Update’ description: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability.RedLegg Action: None at this time.

Get Blog Updates

Related Articles

Emergency Security Bulletin - FortiManager Missing Authentication Vulnerability Bulletin, Vulnerability Bulletins

Emergency Security Bulletin - FortiManager Missing Authentication Vulnerability

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Emergency Security Bulletin - Updated Patch for Ivanti Vulnerabilities Bulletin, Vulnerability Bulletins

Emergency Security Bulletin - Updated Patch for Ivanti Vulnerabilities

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Critical Security Vulnerabilities Bulletin