

Microsoft Resolves Exchange Security Update Problems Using Hotfixes
April 24, 2024
STOP aka DJVU Ransomware – Active IOCs
April 25, 2024
Severity
High
Analysis Summary
CVE-2024-20353 CVSS:8.6
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software could allow an unauthenticated remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20359 CVSS:6.0
A vulnerability in a legacy capability for preloading VPN clients and plug-ins, which has been available in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, could allow an authenticated local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
Impact
- Denial of Service
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-20353
- CVE-2024-20359
Affected Vendors
- Cisco
Affected Products
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Firepower Threat Defense (FTD) Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.