On Tuesday, April 24th, 2024, Cisco released advisories concerning multiple high-severity vulnerabilities in their Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, as part of a response to an ongoing, state-sponsored campaign known as ArcaneDoor. These vulnerabilities, identified as CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358, were actively exploited to deploy malware and execute commands on compromised devices.
Severity:
Exploitation Status: Actively exploited as part of the ArcaneDoor campaign
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
| Version | Remediation |
| 9.12.x | upgrade to 9.12.4.67 |
| 9.14.x | upgrade to 9.14.4.24 |
| 9.16.x | upgrade to 9.16.4.57 |
| 9.17.x | upgrade to 9.17.1.39 |
| 9.18.x | upgrade to 9.18.4.22 |
| 9.19.x | upgrade to 9.19.1.28 |
| 9.20.x | upgrade to 9.20.2.10 |
| Version | Remediation |
| 6.4.0 | upgrade to 6.4.0.18 |
| 6.6.0 | upgrade to 6.6.7.2 |
| 7.0 | upgrade to 7.0.6.2 |
| 7.1 | Migrate to a fixed release in a different train |
| 7.2 | upgrade to 7.2.6 |
| 7.3 | upgrade to 7.3.1.2 (no ETA) |
| 7.4 | upgrade to 7.4.1.1 |
Cisco has released software updates to address these vulnerabilities. There are no workarounds.
For managed customers, Digital Hands is identifying devices with a vulnerable configuration. If a vulnerable configuration is found, we will contact customers to schedule upgrades.
If you are not a Digital Hands customer, we recommend you follow the directions outlined in the Cisco security advisories to update your appliances as soon as possible.