Black Arrow Cyber Advisory 25 April 2024 – Cisco ASA and FTD Zero-days Exploited by Nation-state Hackers, Patch Now
Executive summary
Cisco has published a security advisory warning regarding an active attack campaign labelled as “ArcaneDoor”. The campaign involves threat actors exploiting vulnerabilities in Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) to implant previously unknown malware, execute commands and exfiltrate data. Activity is thought to have begun in early January 2024.
What’s the risk to me or my business?
Organisations running vulnerable versions of Cisco ASA or FTD software are at risk of an attacker implanting malware, executing commands and exfiltrating data, impacting the confidentiality, integrity and availability of data. There is no current workaround, and Cisco advises upgrading to a fixed software release immediately.
What can I do?
Black Arrow recommends following Cisco’s advice and applying patches immediately. Organisations can also open a case with the Cisco Technical Assistance Center, referencing the keyword “ArcaneDoor”, to verify the integrity of their Cisco ASA or FTD devices. Further information on this can be found in the advisory provided by Cisco.
Technical Summary
CVE-2024-20353 – a denial of service vulnerability impacting Cisco ASA and FTD software.
CVE-2024-20359 – a privilege escalation vulnerability which could allow an authenticated local attacker to execute code with the highest level of privilege. Administrator-level privileges are required to exploit this vulnerability.
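Because the only remediation is upgrading to a fixed release, the practical first step is an inventory triage: which ASA and FTD devices are still below the fixed release for their software train. The script below is an added example written for this advisory, not Cisco's code and not taken from the Cisco advisory. It parses both ASA-style ("9.16(4)55") and FTD-style ("7.2.5.1") version strings, compares each device against a per-train table, and flags devices whose train is missing from the table or whose version cannot be parsed, since those need a manual look rather than being silently ignored. The fixed-release values in the table, the hostnames and the versions in the sample inventory are all placeholders that we constructed; fill the table from Cisco's advisory before relying on the output.

```python
"""Triage a Cisco ASA/FTD inventory against per-train fixed releases.

Added example for this advisory (not Cisco's code). The FIXED_RELEASES table
holds PLACEHOLDER values: replace them with the fixed releases Cisco lists
for each train you run before using this on a real inventory.
"""
import re

# Accepts "9.16(4)55" (ASA style) and "7.2.5.1" (FTD style) version strings.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)[.(](\d+)\)?(?:\.?(\d+))?$")

# PLACEHOLDER fixed releases keyed by (product, major, minor) train.
# The values are deliberately fake; take the real ones from the Cisco advisory.
FIXED_RELEASES = {
    ("ASA", 9, 16): "9.16(4)999",
    ("ASA", 9, 18): "9.18(4)999",
    ("FTD", 7, 2): "7.2.999.0",
}


def parse_version(text):
    """Return (major, minor, maintenance, interim) as ints; interim defaults to 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def classify(product, version):
    """Classify one device as 'patched', 'vulnerable', 'unknown_train' or 'unparseable'."""
    try:
        running = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed_text = FIXED_RELEASES.get((product, running[0], running[1]))
    if fixed_text is None:
        # Train not in the table: end-of-life or not yet looked up; needs a human.
        return "unknown_train"
    return "patched" if running >= parse_version(fixed_text) else "vulnerable"


def triage(inventory):
    """Map hostname -> status for a list of (hostname, product, version) tuples."""
    return {host: classify(product, version) for host, product, version in inventory}


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "ASA", "9.16(4)55"),
    ("fw-edge-02", "ASA", "9.16(4)999"),
    ("fw-dc-01", "FTD", "7.2.5.1"),
    ("fw-lab-01", "ASA", "9.12(4)67"),
    ("fw-old-01", "ASA", "9.x"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Devices reported as "unknown_train" or "unparseable" are not safe by default: a train absent from the table may have no fixed release at all, and those devices need to be migrated or confirmed with Cisco, which is also where the TAC "ArcaneDoor" integrity check comes in.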
Further information can be found below.
The advisories provided by Cisco can be found here:
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity