Cisco Product Security Update Advisory

Overview

 

Cisco has released security updates that address vulnerabilities in Cisco products. users of affected products are advised to update to the latest version.

 

Affected Products

 

Cve-2024-20353, cve-2024-20359

• prior to 7.fTD versions 0.6.2 
• prior to 9.aSA versions 16.4.57

 

Resolved Vulnerabilities

 

Vulnerability in the management and VPN web servers for Cisco ASA and Cisco FTD that could allow an unauthenticated remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) (CVE-2024-20353)
Vulnerability in legacy functionality that allows preloading of VPN clients and plugins on Cisco ASA and Cisco FTD that could allow arbitrary code execution with root-level privileges by an authenticated local attacker (CVE-2024-20359)

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites[1],[2],[3] to update to the latest Vulnerability Patches version.

 

Referenced Sites

 

[1] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2

[2] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h#fs

[3] Cisco Event Response: Attacks Against Cisco Firewall Platforms

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response

[4] Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-043