Cisco has recently issued a patch to address a critical denial-of-service (DoS) vulnerability in its VPN that has been actively exploited by cyber attackers. The bug, known as CVE-2024-20481 and rated with a CVSS score of 5.8, targets the Remote Access VPN (RAVPN) feature present in both the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. If successfully exploited, this vulnerability could potentially enable an unauthenticated remote attacker to launch a DoS attack, leading to disruptions within the RAVPN service.
According to Cisco’s advisory on the flaw, the vulnerability can be leveraged for resource exhaustion by inundating the affected device with a large volume of VPN authentication requests. This type of attack is commonly associated with automated brute-force or password-spray attacks, where cybercriminals attempt to guess passwords by systematically trying different combinations until the correct one is found. In response to this threat, Cisco has urged organizations to be vigilant and take proactive measures to protect their VPN services from such attacks.
In the event of a successful exploit, Cisco has warned that a device reload may be necessary to restore the RAVPN service. However, the company has assured users that services unrelated to VPN are not affected by this vulnerability. To address the issue, Cisco has released software updates aimed at mitigating the flaw, although the company has emphasized that there are no alternative workarounds available at this time.
In addition to releasing the patch, Cisco has provided guidelines to help organizations defend against password-spray attacks and strengthen the security of their VPN services. These recommendations include enabling logging to monitor potential threats, configuring threat detection mechanisms for remote access VPN services, implementing hardening measures to enhance security, and manually blocking connection attempts from unauthorized sources.
It is crucial for organizations utilizing Cisco’s RAVPN feature to promptly install the necessary software updates and follow the recommended security practices to safeguard their networks from potential cyber threats. Failure to address this vulnerability could leave systems exposed to exploitation by malicious actors seeking to disrupt VPN services and compromise sensitive information. By taking proactive steps to secure their VPN infrastructure, organizations can minimize the risk of falling victim to cyber attacks and ensure the integrity of their network environments.