Cisco issues emergency fix for VPN tool, users told to update now

Cisco has issued an emergency fix for bugs in some of its software which are being actively exploited in the wild.

According to a security advisory from the company, the flaw that was patched was found in Adaptive Security Appliance (ASA), and in Firepower Threat Defense (FTD). It is described as a resource exhaustion vulnerability, tracked as CVE-2024-20481. It was given a medium severity rating of 5.8.

Describing the theory behind the attack, Cisco says an attacker could send a large number of VPN authentication requests to a vulnerable device, exhausting its resources. That leads to a Denial-of-Service (DoS) state of the Remote Access VPN (RAVPN) service. Furthermore, since the attackers are sending authentication requests, one just might work (depending on the strength of the login credentials), giving the miscreants unauthorized network access.

Abused in the wild

Depending on the impact of the attack, the victims may need to restore the RAVPN service, Cisco explained.

The good news is that the bug affects only those devices with remote access VPN (RAVPN) service enabled. The bad news is the bug is actively being exploited in the wild, and there is no workaround. Cisco said it is “aware of malicious use of the vulnerability that is described in this advisory,” and the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog.

Cisco’s VPN tools are hugely popular across the world, and are being equally used by both SMBs and large enterprises. Therefore, they are a major target for cybercriminals looking to weasel their way into corporate IT infrastructure.

In fact, the company’s cybersecurity department, Talos, recently warned it’s tracking an increase in brute-force attacks against VPNs, The Register reminds. “These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies,” Talos said.

Cisco takes its developer hub offline following data theftHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Related posts

Sony CEO says the company started working on the PS5 Pro well before the PS5 launch, “it was another five-year project for us”

Samsung One UI 7 beta tipped to land this month – and a new leak has revealed most of its features

Top online animation tool LottieFiles hacked to target victim crypto wallets

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More