Another week, another high-severity vulnerability.
The zero-days have been used to compromise government networks, and there is no workaround other than patching.
Cisco ASAs this time:
- CVE-2024-20353 (High) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
- CVE-2024-20359 (High) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
- CVE-2024-20358 (Medium) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm
More info:
- https://www.cisa.gov/news-events/alerts/2024/04/24/cisco-releases-security-updates-addressing-arcanedoor-vulnerabilities-cisco-firewall-platforms
- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
- https://www.helpnetsecurity.com/2024/04/24/cve-2024-20353-cve-2024-20359/
- https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/
- https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf
- https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-runner.pdf
- https://www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns
IOCs: