October 25, 2024
Severity
High
Analysis Summary
CVE-2024-20412 CVSS:9.3
Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow a local attacker to gain unauthorized access to the system, caused by the presence of static accounts with hard-coded passwords on an affected system. By logging in to the CLI of an affected device with these credentials, an attacker could exploit this vulnerability to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.
CVE-2024-20495 CVSS:8.6
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value.
CVE-2024-20260 CVSS:8.6
A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease altogether. This vulnerability is due to a lack of proper memory management.
CVE-2024-20402 CVSS:8.6
A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL.
CVE-2024-20494 CVSS:8.6
Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense are vulnerable to a denial of service, caused by improper data validation during the TLS 1.3 handshake. By sending a specially crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket, a remote attacker could exploit this vulnerability to cause the device to reload.
CVE-2024-20351 CVSS:8.6
A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic.
CVE-2024-20424 CVSS:9.9
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device.
CVE-2024-20426 CVSS:8.6
A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit.
CVE-2024-20268 CVSS:7.7
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to insufficient input validation of SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device using IPv4 or IPv6.
CVE-2024-20339 CVSS:8.6
A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-20412
- CVE-2024-20495
- CVE-2024-20260
- CVE-2024-20402
- CVE-2024-20494
- CVE-2024-20351
- CVE-2024-20424
- CVE-2024-20426
- CVE-2024-20268
- CVE-2024-20339
Affected Vendors
- Cisco
Affected Products
- Cisco Firepower Threat Defense Software: 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.2.0, 7.2.0.1, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.4.1, 7.2.5, 7.2.5.1, 7.2.6, 7.2.7, 7.2.5.2, 7.3.0, 7.3.1, 7.3.1.1, 7.3.1.2, 7.4.0, 7.4.1, 7.4.1.1
- Cisco Adaptive Security Appliance (ASA) Software: 9.8.4.12, 9.8.4.15, 9.8.4.17, 9.8.4.25, 9.8.4.20, 9.8.4.22, 9.8.4.26, 9.8.4.29, 9.8.4.32, 9.8.4.33, 9.8.4.34, 9.8.4.35, 9.8.4.39, 9.8.4.40, 9.8.4.41, 9.8.4.43, 9.8.4.44
- Cisco Adaptive Security Appliance (ASA) Software: 9.12.3, 9.12.1, 9.8.3, 9.12.2, 9.8.1, 9.8.2, 9.8.4, 9.8.2.45, 9.14.1, 9.12.4, 9.8.2.28, 9.8.2.17, 9.8.2.14, 9.8.2.8, 9.8.2.26, 9.8.2.38, 9.8.2.15, 9.8.2.24, 9.8.2.35, 9.8.2.33
- Cisco Adaptive Security Appliance (ASA) Software: 9.8.1, 9.8.1.5, 9.8.1.7, 9.8.2, 9.8.2.8, 9.8.2.14, 9.8.2.15, 9.8.2.17, 9.8.2.20, 9.8.2.24, 9.8.2.26, 9.8.2.28, 9.8.2.33, 9.8.2.35, 9.8.2.38, 9.8.3.8, 9.8.3.11, 9.8.3.14
- Cisco Firepower Threat Defense Software: 7.3.0, 7.3.1, 7.3.1.1, 7.3.1.2, 7.4.0, 7.4.1, 7.4.1.1, 7.4.2
- Cisco Firepower Threat Defense Software: 6.2.3.14, 6.4.0.1, 6.2.3.7, 6.2.3, 6.4.0.2, 6.2.3.9, 6.2.3.1, 6.2.3.2, 6.4.0.5, 6.2.3.10, 6.4.0, 6.4.0.3, 6.2.3.6, 6.4.0.4
- Cisco Firepower Management Center: 6.2.3, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.9, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14
- Cisco Adaptive Security Appliance (ASA) Software: 9.14.1, 9.14.1.10, 9.14.1.6, 9.14.1.15, 9.14.1.19, 9.14.1.30, 9.15.1, 9.14.2, 9.14.2.4, 9.15.1.7, 9.14.2.8, 9.15.1.10, 9.14.2.13, 9.15.1.15, 9.14.2.15, 9.16.1, 9.15.1.16
- Cisco Firepower Threat Defense Software: 6.2.3, 6.2.3.9, 6.2.3.1, 6.2.3.2, 6.2.3.10, 6.4.0, 6.4.0.3, 6.4.0.4, 6.2.3.15, 6.2.3.6, 6.2.3.7, 6.2.3.12, 6.2.3.3, 6.2.3.11, 6.4.0.6, 6.2.3.13, 6.2.3.8, 6.2.3.4, 6.4.0.1, 6.2.3.5
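The first thing a defender needs from the list above is an answer to "which of my devices run a listed version". The script below is an added example, not part of this advisory and not Cisco tooling: it holds the advisory's affected versions (merged across the bullets above, since several bullets repeat the same product), pulls a product and version out of saved `show version` output, and reports whether that exact version appears in the list. The `show version` line layouts, the regular expressions, and the three sample outputs are constructed assumptions; adjust the patterns to what your platforms actually print.

```python
import re

# Versions copied from the "Affected Products" list above. The advisory
# enumerates discrete versions, not ranges, so membership is an exact string
# match and versions repeated across the advisory's bullets collapse into one set.
_FTD_VERSIONS = """
7.1.0 7.1.0.1 7.1.0.2 7.1.0.3 7.2.0 7.2.0.1 7.2.1 7.2.2 7.2.3 7.2.4 7.2.4.1
7.2.5 7.2.5.1 7.2.5.2 7.2.6 7.2.7 7.3.0 7.3.1 7.3.1.1 7.3.1.2 7.4.0 7.4.1
7.4.1.1 7.4.2
6.2.3 6.2.3.1 6.2.3.2 6.2.3.3 6.2.3.4 6.2.3.5 6.2.3.6 6.2.3.7 6.2.3.8 6.2.3.9
6.2.3.10 6.2.3.11 6.2.3.12 6.2.3.13 6.2.3.14 6.2.3.15
6.4.0 6.4.0.1 6.4.0.2 6.4.0.3 6.4.0.4 6.4.0.5 6.4.0.6
"""
_ASA_VERSIONS = """
9.8.1 9.8.1.5 9.8.1.7 9.8.2 9.8.2.8 9.8.2.14 9.8.2.15 9.8.2.17 9.8.2.20
9.8.2.24 9.8.2.26 9.8.2.28 9.8.2.33 9.8.2.35 9.8.2.38 9.8.2.45
9.8.3 9.8.3.8 9.8.3.11 9.8.3.14
9.8.4 9.8.4.12 9.8.4.15 9.8.4.17 9.8.4.20 9.8.4.22 9.8.4.25 9.8.4.26 9.8.4.29
9.8.4.32 9.8.4.33 9.8.4.34 9.8.4.35 9.8.4.39 9.8.4.40 9.8.4.41 9.8.4.43 9.8.4.44
9.12.1 9.12.2 9.12.3 9.12.4
9.14.1 9.14.1.6 9.14.1.10 9.14.1.15 9.14.1.19 9.14.1.30
9.14.2 9.14.2.4 9.14.2.8 9.14.2.13 9.14.2.15
9.15.1 9.15.1.7 9.15.1.10 9.15.1.15 9.15.1.16 9.16.1
"""
_FMC_VERSIONS = """
6.2.3 6.2.3.1 6.2.3.2 6.2.3.3 6.2.3.4 6.2.3.5 6.2.3.6 6.2.3.7 6.2.3.9 6.2.3.10
6.2.3.11 6.2.3.12 6.2.3.13 6.2.3.14
"""

FTD = "Cisco Firepower Threat Defense Software"
ASA = "Cisco Adaptive Security Appliance (ASA) Software"
FMC = "Cisco Firepower Management Center"

AFFECTED = {
    FTD: set(_FTD_VERSIONS.split()),
    ASA: set(_ASA_VERSIONS.split()),
    FMC: set(_FMC_VERSIONS.split()),
}

# (product, pattern) pairs tried in order. An FTD device's 'show version' also
# prints an "Adaptive Security Appliance Software Version" line for the
# underlying ASA image, so the FTD pattern must be tried before the ASA one.
# The line layouts these patterns expect are assumptions about the output.
_PATTERNS = [
    (FMC, re.compile(r"(?:Firepower|Secure Firewall) Management Center.*?Version (\d[\d.]*\d)")),
    (FTD, re.compile(r"Threat Defense.*?Version (\d[\d.]*\d)")),
    (ASA, re.compile(r"Adaptive Security Appliance Software Version (\S+)")),
]


def normalize(version: str) -> str:
    """Map ASA's '9.14(2)8' train notation onto the advisory's dotted '9.14.2.8'."""
    return re.sub(r"[()]", ".", version).strip(".")


def identify(show_version: str):
    """Return (product, dotted version) parsed from 'show version' text, or None."""
    for product, pattern in _PATTERNS:
        match = pattern.search(show_version)
        if match:
            return product, normalize(match.group(1))
    return None


def triage(show_version: str) -> dict:
    """Classify one device. 'listed' is True only on an exact hit in the advisory's
    list; False means "not in this list", which is not the same as "fixed"."""
    ident = identify(show_version)
    if ident is None:
        return {"product": None, "version": None, "listed": None}
    product, version = ident
    return {"product": product, "version": version, "listed": version in AFFECTED[product]}


# Constructed sample outputs (assumed layouts, not captured from real devices).
SAMPLE_ASA = ("Cisco Adaptive Security Appliance Software Version 9.14(2)8\n"
              "Device Manager Version 7.14(1)\n")
SAMPLE_FTD = "Model : Cisco Firepower 2110 Threat Defense (77) Version 7.2.5 (Build 208)\n"
SAMPLE_FMC = "Model : Cisco Firepower Management Center for VMware (66) Version 6.2.3.8 (Build 100)\n"

if __name__ == "__main__":
    for sample in (SAMPLE_ASA, SAMPLE_FTD, SAMPLE_FMC):
        print(triage(sample))
```

Feed it saved `show version` captures from your inventory. Note the FMC sample: 6.2.3.8 is not in the advisory's FMC list (the list skips it), so the script reports `listed: False` for it, which only means the advisory does not name that version; whether a given release is fixed or still affected is a question for the Cisco advisory referenced under Remediation.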
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.