Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks.
The bug, CVE-2024-20481, is a medium-severity flaw that's due to resource exhaustion, earning a 5.8 CVSS rating. According to Cisco, it only affects devices that have the remote access VPN (RAVPN) service enabled.
Plus, Cisco noted it is "aware of malicious use of the vulnerability that is described in this advisory."
The Register reached out to Cisco for additional information about the scope of the attacks, and who is behind them. We'll update this story if and when we hear back.
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday also sounded the alarm about the vulnerability, adding CVE-2024-20481 to its Known Exploited Vulnerabilities Catalog.
While there are no workarounds for this bug, Cisco has released software updates that patch the hole. Plus, for customers needing to upgrade an FTD device, there's this guidance.
We know that the Russians, Chinese, and even run-of-the mill, financially motivated crims love to target buggy appliances, so we'd suggest heeding the advice coming from the feds and netzilla, and patch now.
The way these brute-force attacks work: an attacker spams the vulnerable devices with a tsunami of VPN authentication requests using a combination of generic and valid until they get a hit. This gives the criminals unauthorized network access, plus the ability to lock legit users out of their accounts, or, as appears to be the case in these incidents, exhaust the machine's resources and lead to denial of service conditions on the VPN.
"Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service," the networking giant warned.
Talos, Cisco's threat intelligence arm, noted it has been monitoring an uptick in brute-force attacks against VPNs since at least March. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Talos said.
To help mitigate against password-spray attacks, Cisco has also published a series of recommendations that are worth a read, as is the vendor's full list of indicators of compromise provided in the security advisory. ®
Puts Chief Tightwad Officers on notice
Partner Content How GitGuardian enables auditing of GitHub footprints to mitigate past, present, and future leaks
On Call Not paying what you agreed for a job can prove expensive in the long run
Artificial General Intelligence readiness advisor Miles Brundage bails, because nobody is ready
Station claims its visionary, ex-employees claim it cynical; reality appears way more fiscal
AI model repo promises lower costs, broader compatibility for NIMs competitor
Who doesn't love abusing buggy appliances, really?