Cisco Adaptive Security Appliance and Firepower Threat Defense Vulnerabilities
On Tuesday, April 24th, 2024, Cisco released advisories concerning multiple high-severity vulnerabilities in their Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, as part of a response to an ongoing, state-sponsored campaign known as ArcaneDoor. These vulnerabilities, identified as CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358, were actively exploited to deploy malware and execute commands on compromised devices.
Cisco Adaptive Security Appliance and Firepower Threat Defense Vulnerabilities
Severity:
- CVE-2024-20353 - High with a 8.6/10 CVSS
- CVE-2024-20359 - Medium with a 6.0/10 CVSS
- CVE-2024-20358 - Medium with a 6.0/10 CVSS
Exploitation Status: Actively exploited as part of the ArcaneDoor campaign
Impact
CVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
CVE-2024-20353
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
Affected Products & Remediation
Adaptive Security Appliances
| Version | Remediation |
| 9.12.x | upgrade to 9.12.4.67 |
| 9.14.x | upgrade to 9.14.4.24 |
| 9.16.x | upgrade to 9.16.4.57 |
| 9.17.x | upgrade to 9.17.1.39 |
| 9.18.x | upgrade to 9.18.4.22 |
| 9.19.x | upgrade to 9.19.1.28 |
| 9.20.x | upgrade to 9.20.2.10 |
Firepower Threat Defense
| Version | Remediation |
| 6.4.0 | upgrade to 6.4.0.18 |
| 6.6.0 | upgrade to 6.6.7.2 |
| 7.0 | upgrade to 7.0.6.2 |
| 7.1 | Migrate to a fixed release in a different train |
| 7.2 | upgrade to 7.2.6 |
| 7.3 | upgrade to 7.3.1.2 (no ETA) |
| 7.4 | upgrade to 7.4.1.1 |
Recommendations
Cisco has released software updates to address these vulnerabilities. There are no workarounds.
References
- Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms
- Cisco CVE-2024-20353 Security Advisory
- Cisco CVE-2024-20359 Security Advisory
- Cisco CVE-2024-20358 Security Advisory
What is Digital Hands Doing?
For managed customers, Digital Hands is identifying devices with a vulnerable configuration. If a vulnerable configuration is found, we will contact customers to schedule upgrades.
If you are not a Digital Hands customer, we recommend you follow the directions outlined in the Cisco security advisories to update your appliances as soon as possible.