Fortra’s Alert Logic is actively investigating an attack campaign dubbed “ArcaneDoor” against Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) software. The campaign has been used to implant malware, execute commands, and potentially exfiltrate data. While the initial attack vector has not yet been identified, Cisco has identified three vulnerabilities impacting these devices, two of which have been used within the attack.
- CVE-2024-20353
- CVE-2024-20358
- CVE-2024-20359
All three vulnerabilities have been patched as part of the Cisco Threat Response.
Who is affected?
The following versions of Cisco ASA and Cisco FTD are affected:
- Cisco Adaptive Security Appliance (ASA) Software 9.8 up to and including 9.8.4.48
- Cisco Adaptive Security Appliance (ASA) Software 9.12 up to and including 9.12.4.65
- Cisco Adaptive Security Appliance (ASA) Software 9.14 up to and including 9.14.4.23
- Cisco Adaptive Security Appliance (ASA) Software 9.15 up to and including 9.15.1.21
- Cisco Adaptive Security Appliance (ASA) Software 9.16 up to and including 9.16.4.55
- Cisco Adaptive Security Appliance (ASA) Software 9.17 up to and including 9.17.1.33
- Cisco Adaptive Security Appliance (ASA) Software 9.18 up to and including 9.18.4.8
- Cisco Adaptive Security Appliance (ASA) Software 9.19 up to and including 9.19.1.27
- Cisco Adaptive Security Appliance (ASA) Software 9.20 up to and including 9.20.2
- Cisco Firepower Threat Defense Software 6.2 up to and including 6.2.3.18
- Cisco Firepower Threat Defense Software 6.4 up to and including 6.4.0.17
- Cisco Firepower Threat Defense Software 6.6 up to and including 6.6.7.1
- Cisco Firepower Threat Defense Software 6.7 up to and including 6.7.0.3
- Cisco Firepower Threat Defense Software 7.0 up to and including 7.0.6.1
- Cisco Firepower Threat Defense Software 7.1 up to and including 7.1.0.3
- Cisco Firepower Threat Defense Software 7.2 up to and including 7.2.5.1
- Cisco Firepower Threat Defense Software 7.3 up to and including 7.3.1.1
- Cisco Firepower Threat Defense Software 7.4 up to and including 7.4.1
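As an added example (not part of the original article and not Alert Logic's scanner logic), the following Python sketch checks device versions from an inventory against the ranges listed above. The function names, status labels, and sample inventory are hypothetical, and it assumes ASA versions may be written either dotted (`9.16.4.55`) or in the parenthesised form (`9.16(4)55`).

```python
import re

# Last affected release per train, copied from the list in this article.
LAST_AFFECTED = {
    "asa": ["9.8.4.48", "9.12.4.65", "9.14.4.23", "9.15.1.21", "9.16.4.55",
            "9.17.1.33", "9.18.4.8", "9.19.1.27", "9.20.2"],
    "ftd": ["6.2.3.18", "6.4.0.17", "6.6.7.1", "6.7.0.3", "7.0.6.1",
            "7.1.0.3", "7.2.5.1", "7.3.1.1", "7.4.1"],
}

def parse_version(text):
    """Turn '9.16.4.55' or '9.16(4)55' into the tuple (9, 16, 4, 55)."""
    parts = [p for p in re.split(r"[.()]", text.strip()) if p]
    if len(parts) < 2 or len(parts) > 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))  # pad so 9.20.2 == 9.20.2.0

def check(product, version):
    """Classify one device version against the article's ranges."""
    v = parse_version(version)
    for ceiling in LAST_AFFECTED[product.lower()]:
        c = parse_version(ceiling)
        if v[:2] == c[:2]:  # same train (major.minor)
            # Integer comparison: 9.18.4.22 is newer than 9.18.4.8,
            # which a plain string comparison gets wrong.
            return "affected" if v <= c else "newer-than-listed"
    return "train-not-listed"  # the article says nothing about this train

def triage(inventory):
    """Return (hostname, version, status) for each inventory entry."""
    return [(host, ver, check(prod, ver)) for host, prod, ver in inventory]

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    ("edge-fw-01", "asa", "9.16(4)55"),
    ("edge-fw-02", "asa", "9.18.4.22"),
    ("dc-ftd-01", "ftd", "7.2.5.1"),
    ("lab-asa-01", "asa", "9.22.1"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-12s %-12s %s" % row)
```

A `newer-than-listed` result only means the version is past the last affected release this article names for that train, and `train-not-listed` means the article gives no range for it; confirm both against Cisco's advisory.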
What can I do?
Cisco has released software updates that address these vulnerabilities. Alert Logic recommends updating as soon as possible.
For more information on this attack campaign and Cisco’s response, including specific mitigation steps for each vulnerability, refer to Cisco’s Event Response advisory.
How is Alert Logic helping me?
Fortra is actively researching this threat to build detection capabilities in addition to those listed below.
Vulnerability Scanning: Alert Logic released unauthenticated scan coverage on April 26, 2024, to check for vulnerable versions of Cisco ASA. Authenticated scan coverage was released on May 2, 2024, to check for vulnerable versions of Cisco Firepower. If any of these vulnerabilities are found, an exposure (EIDs: 262435, 262477, or 262478) will be raised based on which vulnerabilities are found.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.