Another week, another high severity vulnerability.
The Zero Days have been used to compromise government networks and there is no workaround except for patching.
Cisco ASA’s this time:
- CVE-2024-20353 (High) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
- CVE-2024-20359 (High) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
- CVE-2024-20358 (Medium) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm
More info:
- https://www.cisa.gov/news-events/alerts/2024/04/24/cisco-releases-security-updates-addressing-arcanedoor-vulnerabilities-cisco-firewall-platforms
- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
- https://www.helpnetsecurity.com/2024/04/24/cve-2024-20353-cve-2024-20359/
- https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/
- https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf
- https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-runner.pdf
- https://www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns
IOCs:
- 185.244.210[.]65
- 5.183.95[.]95
- 213.156.138[.]77
- 45.77.54[.]14
- 45.77.52[.]253
- 45.63.119[.]131
- 194.32.78[.]183
- 185.244.210[.]120
- 216.238.81[.]149
- 216.238.85[.]220
- 216.238.74[.]95
- 45.128.134[.]189
- 176.31.18[.]153
- 216.238.72[.]201
- 216.238.71[.]49
- 216.238.66[.]251
- 216.238.86[.]24
- 216.238.75[.]155
- 154.39.142[.]47
- 139.162.135[.]12