CyberSecurity SEE

Adaptive Security Appliance RAVPN Vulnerability

Cisco Systems recently issued a critical advisory warning about a vulnerability in the Remote Access VPN (RAVPN) service associated with its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability could potentially allow an unauthenticated, remote attacker to carry out a denial of service (DoS) attack on the RAVPN service, affecting organizations relying on these security tools.

The vulnerability is tracked as CVE-2024-20481, carries a Common Vulnerability Scoring System (CVSS) score of 5.8, and is classified under CWE-772. It stems from resource exhaustion: an attacker could exploit the weakness by inundating an affected device with VPN authentication requests.

Such an attack could deplete system resources, leading to a complete denial of service for the RAVPN service. In case of successful exploitation, the affected device may require a reboot to restore functionality, while services unrelated to the VPN remain unaffected by this vulnerability. The surge in brute-force attacks targeting VPNs and SSH services, utilizing commonly used login credentials as highlighted by Cisco’s security research team, underscores the critical need for enhanced security measures in network environments.
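The request flood described above shows up in device logs as a burst of rejected authentications. The following detector is an added example, not part of the advisory or of Cisco's tooling. It assumes rejected logins are logged under ASA syslog IDs 113005, 113015 and 716039, that lines carry an ISO 8601 timestamp and arrive in time order, and it runs on constructed log lines; the hostname, usernames and thresholds are hypothetical.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumption: syslog IDs for rejected AAA/WebVPN authentications on ASA.
REJECT_IDS = {"113005", "113015", "716039"}
# Assumed line layout: "<ISO timestamp> <host> %ASA-<sev>-<id>: <text>"
LINE_RE = re.compile(r"^(\S+) \S+ %ASA-\d-(\d{6}): ")

def sample_log():
    """Constructed log: sparse failures, unrelated traffic, then a burst."""
    reject = "{} asa1 %ASA-6-113015: AAA user authentication Rejected : user = {}"
    lines = []
    base = datetime(2024, 10, 23, 10, 0, 0)
    for i in range(3):  # background noise: one failure every 5 minutes
        ts = base + timedelta(minutes=5 * i)
        lines.append(reject.format(ts.isoformat(), f"user{i}"))
    # A message that is not an authentication failure and must be ignored.
    lines.append("2024-10-23T10:15:00 asa1 %ASA-6-302013: Built inbound TCP connection")
    burst = datetime(2024, 10, 23, 10, 20, 0)
    for i in range(8):  # burst: eight failures in eight seconds
        ts = burst + timedelta(seconds=i)
        lines.append(reject.format(ts.isoformat(), f"guess{i}"))
    return lines

def find_auth_floods(lines, window_s=60, threshold=5):
    """Return (first_reject, triggered_at) for each burst in which
    `threshold` rejected authentications fall within `window_s` seconds."""
    window = deque()   # timestamps of rejects inside the sliding window
    alerts = []
    alerting = False   # suppress repeat alerts while one burst continues
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) not in REJECT_IDS:
            continue
        ts = datetime.fromisoformat(m.group(1))
        window.append(ts)
        while ts - window[0] > timedelta(seconds=window_s):
            window.popleft()
        if len(window) >= threshold:
            if not alerting:
                alerts.append((window[0], ts))
                alerting = True
        else:
            alerting = False
    return alerts

if __name__ == "__main__":
    for start, hit in find_auth_floods(sample_log()):
        print(f"auth flood: began {start}, threshold reached {hit}")
```

The window and threshold need tuning against a site's normal failure rate before this is used for alerting.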

At the time of the advisory’s release, Cisco ASA and FTD software running vulnerable releases with the RAVPN service enabled were at risk. Organizations utilizing these products should verify their software version against the advisory’s guidelines to ascertain vulnerability status. Importantly, there are currently no workarounds available to mitigate this specific vulnerability, necessitating immediate action for affected users. Cisco has confirmed that several of its products, such as IOS Software, IOS XE Software, Meraki products, NX-OS Software, and Secure Firewall Management Center (FMC) Software, are not affected by this vulnerability.

Organizations are advised to check if the SSL VPN feature is enabled on their devices by utilizing a specific command. Furthermore, Cisco emphasizes the importance of upgrading to the latest software versions to address vulnerabilities, with ongoing consultation of Cisco’s security advisories being vital to ensure the use of updated software. Proactive monitoring, timely upgrades, and the implementation of strong security practices are essential for safeguarding network infrastructures.

Ultimately, organizations using Cisco Adaptive Security Appliance and Firepower Threat Defense Software must respond promptly to the identified vulnerability affecting the Remote Access VPN service. It is crucial to follow recommended actions to mitigate risks and stay vigilant against online threats. For further details, organizations can refer to the full advisory for comprehensive guidance on protecting their networks.
