Cisco issues emergency fix for VPN tool, users told to update now
Hackers are causing denial-of-service states while trying to breach networks
Cisco has issued an emergency fix for bugs in some of its software which are being actively exploited in the wild.
According to a security advisory from the company, the patched flaw was found in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. It is described as a resource exhaustion vulnerability, tracked as CVE-2024-20481. It was given a medium severity rating of 5.8.
Describing the theory behind the attack, Cisco says an attacker could send a large number of VPN authentication requests to a vulnerable device, exhausting its resources. That leads to a Denial-of-Service (DoS) state of the Remote Access VPN (RAVPN) service. Furthermore, since the attackers are sending authentication requests, one just might work (depending on the strength of the login credentials), giving the miscreants unauthorized network access.
Abused in the wild
Depending on the impact of the attack, the victims may need to restore the RAVPN service, Cisco explained.
The good news is that the bug affects only those devices with remote access VPN (RAVPN) service enabled. The bad news is the bug is actively being exploited in the wild, and there is no workaround. Cisco said it is "aware of malicious use of the vulnerability that is described in this advisory," and the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog.
Cisco’s VPN tools are hugely popular across the world, and are used by SMBs and large enterprises alike. Therefore, they are a major target for cybercriminals looking to weasel their way into corporate IT infrastructure.
In fact, the company’s cybersecurity department, Talos, recently warned it’s tracking an increase in brute-force attacks against VPNs, as The Register notes. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Talos said.
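The flood of authentication requests described above appears in device logs as a run of rejected logins, and Talos notes the sources are spread across many proxies. The following Python is an added example, not code from Cisco or the article: it counts rejections across all sources in a sliding window instead of per IP. The log layout (an ISO timestamp followed by ASA syslog message 113005), the 60-second window, the threshold of 10 and every sample line are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed layout: collector ISO timestamp, then ASA message 113005 (AAA rejected).
REJECT_RE = re.compile(
    r"^(?P<ts>\S+) %ASA-\d-113005: .*?user IP = (?P<ip>\d+\.\d+\.\d+\.\d+)")

def sample_log():
    """Constructed data: 2 stray failures, then 24 rejections in 46 s from 6 IPs."""
    fmt = ("{} %ASA-6-113005: AAA user authentication Rejected : reason = "
           "AAA failure : server = 10.0.0.5 : user = ***** : user IP = {}")
    t0 = datetime(2024, 10, 23, 9, 0, 0)
    lines = [fmt.format((t0 + timedelta(minutes=m)).isoformat(), "203.0.113.9")
             for m in (0, 7)]
    lines += [fmt.format((t0 + timedelta(minutes=20, seconds=2 * n)).isoformat(),
                         f"198.51.100.{n % 6 + 1}") for n in range(24)]
    lines.append("2024-10-23T09:21:00 %ASA-6-113004: AAA user authentication Successful")
    return lines

def parse(lines):
    """Yield (timestamp, source_ip) for each rejected-authentication line."""
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["ip"]

def find_bursts(events, window=timedelta(seconds=60), max_rejects=10):
    """One dict per burst, counting rejections across all sources: a per-IP
    threshold stays silent when many proxies each send a few attempts."""
    recent, alerts, current = deque(), [], None
    for ts, ip in sorted(events):
        recent.append((ts, ip))
        while ts - recent[0][0] > window:   # drop events older than the window
            recent.popleft()
        if len(recent) <= max_rejects:
            current = None                  # rate fell back: close the burst
            continue
        if current is None:
            current = {"start": recent[0][0], "peak": 0, "sources": set()}
            alerts.append(current)
        current["end"] = ts
        current["peak"] = max(current["peak"], len(recent))
        current["sources"] |= {src for _, src in recent}
    return alerts

if __name__ == "__main__":
    for b in find_bursts(parse(sample_log())):
        print(b["start"], b["end"], b["peak"], len(b["sources"]))
```

In the constructed data each source sends only four attempts, so a per-IP limit of 10 would never trigger, while the aggregate window reports one burst peaking at 24 rejections from six sources.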
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.