Getty Images/iStockphoto
Cisco ASA and FTD zero day used in password spraying attacks
One day after Cisco disclosed a zero-day vulnerability discovered in its VPN software, CISA added the flaw to its Known Exploited Vulnerabilities catalog.
Cisco disclosed and patched a zero-day vulnerability that was used in a brute force password spraying campaign the company observed in April.
In a security advisory published on Wednesday, Cisco detailed the zero-day vulnerability, tracked as CVE-2024-20481, that affects software used in the Remote Access VPN (RAVPN) service of Cisco Adaptative Security Appliance (ASA) and Firepower Threat Defense (FTD). Cisco warned that successful exploitation could allow an unauthenticated, remote attacker to cause a DoS of the RAVPN. CISA added CVE-2024-20481 to its Known Exploited Vulnerabilities catalog on Thursday.
While Cisco disclosed and patched the zero-day vulnerability this week, the vendor initially discovered it while investigating a brute force password spraying campaign in April. Cisco recommended that organizations monitor the volume of authentication requests to determine if they've been affected by a password spraying attack.
"A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected," Cisco wrote in the security advisory. "Cisco Talos discussed these attacks in the blog post."
In the April blog post, Cisco said a global brute force campaign that targeted a variety of products including VPN services had been ongoing since at least March. Affected products included Cisco Secure Firewall VPN as well as VPN products from Check Point Software Technologies, Fortinet and SonicWall.
TechTarget Editorial contacted Cisco, but the vendor did not respond at press time.
While CVE-2024-20481 received a medium-severity CVSS score of 5.3, Cisco ASA and FTD vulnerabilities are popular targets for threat actors. Earlier this year, Cisco disclosed two zero-day flaws in ASA and FTD that nation-state threat actors used to target government networks. Additionally, cyber insurer Coalition published its "2024 Cyber Claims Report" in April that showed policyholder claims related to ASA devices skyrocketed in 2023.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.