
Security Bulletin: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign

Summary of Bulletin:

  • On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure.
  • While the initial access vector has not yet been identified in this campaign, Cisco is continuing to investigate the possibility of an unauthenticated Remote Code Execution (RCE) vulnerability.
  • The campaign documented by Cisco involved the deployment of several malware implants to conduct malicious activities, including configuration modification, network traffic capture, and lateral movement.
  • According to Cisco, the following vulnerabilities were abused by the threat actor to establish persistence on targeted devices:
    • CVE-2024-20353: Denial-of-Service (DoS) - Allows an unauthenticated, remote attacker to cause a device to reload unexpectedly, leading to a DoS condition.
    • CVE-2024-20359: Persistent Local Code Execution - Allows an authenticated, local attacker to execute arbitrary code with root-level privileges, provided they have administrator-level privileges.
