Cisco has released updates to address a vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, which is currently under active exploitation. The vulnerability affects the Remote Access VPN (RAVPN) service and could allow remote, unauthenticated attackers to cause a denial-of-service (DoS) condition.
| Product | RAVPN |
| Date | 2024-10-29 16:03:07 |
| Information |
|
Technical Summary
CVE-2024-20481 is a vulnerability stemming from resource exhaustion in the RAVPN service of Cisco ASA and FTD software. Attackers can exploit this flaw by sending a high volume of VPN authentication requests, which can cause a DoS of the RAVPN service. Cisco has also released patches for three other critical vulnerabilities affecting FTD software, Secure Firewall Management Center (FMC) software, and Adaptive Security Appliance (ASA).
Recommendations
- Apply the latest Cisco updates as soon as possible to resolve CVE-2024-20481 and the other critical vulnerabilities.
- Enable logging, configure threat detection for remote access VPN services, and apply hardening measures such as disabling AAA authentication and manually blocking connection attempts from unauthorized sources to mitigate the impact of this vulnerability.
- Be vigilant for ongoing brute-force attacks targeting VPNs, web application authentication interfaces, and SSH services, as these vulnerabilities are being actively exploited by malicious actors.
[Callforaction-THREAT-Footer]
