Technology

Cisco issues emergency fix for VPN tool, users told to update now

021 views

Cisco has issued an emergency fix for bugs in some of its software which are being actively exploited in the wild.

According to a security advisory from the company, the flaw that was patched was found in Adaptive Security Appliance (ASA), and in Firepower Threat Defense (FTD). It is described as a resource exhaustion vulnerability, tracked as CVE-2024-20481. It was given a medium severity rating of 5.8.

Describing the theory behind the attack, Cisco says an attacker could send a large number of VPN authentication requests to a vulnerable device, exhausting its resources. That leads to a Denial-of-Service (DoS) state of the Remote Access VPN (RAVPN) service. Furthermore, since the attackers are sending authentication requests, one just might work (depending on the strength of the login credentials), giving the miscreants unauthorized network access.

Abused in the wild

Depending on the impact of the attack, the victims may need to restore the RAVPN service, Cisco explained.

The good news is that the bug affects only those devices with remote access VPN (RAVPN) service enabled. The bad news is the bug is actively being exploited in the wild, and there is no workaround. Cisco said it is “aware of malicious use of the vulnerability that is described in this advisory,” and the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog.

Cisco’s VPN tools are hugely popular across the world, and are being equally used by both SMBs and large enterprises. Therefore, they are a major target for cybercriminals looking to weasel their way into corporate IT infrastructure.

In fact, the company’s cybersecurity department, Talos, recently warned it’s tracking an increase in brute-force attacks against VPNs, The Register reminds. “These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies,” Talos said.

Cisco takes its developer hub offline following data theftHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Related posts

Finance giant Finastra warns clients of potential data breach

Let’s keep in touch: TCL CSOT is the biggest name in display tech that you’ve probably never heard of

If this Sonos TV streaming box report is right, it’s doomed before it ever launches

Add Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More