Multiple Vulnerabilities in Cisco Products

Risk Level: High.

Components Affected

  • Cisco ASA Software
  • Cisco FTD Software

Overview

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and a denial-of-service condition on the targeted system.

Description

The vulnerabilities tracked as CVE-2024-20353 and CVE-2024-20359 are being exploited in the wild. CVE-2024-20353, the denial-of-service vulnerability, can be exploited only when users have enabled SSL listen sockets on any TCP port. CVE-2024-20359, the code execution vulnerability, requires a user who holds at least the resource administrator role privilege to perform critical actions.
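
An exposure check for the CVE-2024-20353 precondition described above, added here as an example that is not part of the original advisory: it parses saved output of the ASA/FTD command `show asp table socket` and lists the SSL sockets in the LISTEN state. The sample output is constructed, and the column order (protocol, socket, state, local address, foreign address) is an assumption about the device output.

```python
from typing import List, NamedTuple


class SslListener(NamedTuple):
    address: str
    port: int


# Constructed sample of `show asp table socket` output (documentation addresses).
SAMPLE_OUTPUT = """\
Protocol  Socket    State      Local Address          Foreign Address
SSL       00185038  LISTEN     192.0.2.10:443         0.0.0.0:*
TCP       0018a1c8  LISTEN     192.0.2.10:22          0.0.0.0:*
SSL       00188638  LISTEN     198.51.100.1:8443      0.0.0.0:*
"""


def ssl_listeners(show_output: str) -> List[SslListener]:
    """Return every SSL socket in LISTEN state found in the captured output."""
    found = []
    for line in show_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank, truncated or prompt line
        proto, _socket_id, state, local = fields[:4]
        if proto.upper() != "SSL" or state.upper() != "LISTEN":
            continue  # header row, plain TCP, or a non-listening socket
        # Split on the last colon so an address that itself contains colons survives.
        address, sep, port = local.rpartition(":")
        if not sep or not port.isdigit():
            continue
        found.append(SslListener(address, int(port)))
    return found


def is_exposed(show_output: str) -> bool:
    """True when at least one SSL listen socket exists, on any TCP port."""
    return bool(ssl_listeners(show_output))


if __name__ == "__main__":
    for listener in ssl_listeners(SAMPLE_OUTPUT):
        print(f"SSL listen socket: {listener.address} port {listener.port}")
    print("precondition met" if is_exposed(SAMPLE_OUTPUT) else "no SSL listen sockets")
```

An empty result only means the SSL listen socket precondition is absent; the software still needs the vendor's fixes.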

Impact

  • Denial of Service.
  • Elevation of Privilege.
  • Remote Code Execution.

Solution/Workarounds

Apply the following fixes provided by the vendor.

Reference

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.