Vulnerability Management, Patch/Configuration Management

Actively exploited Cisco ASA, FTD vulnerability addressed


Cisco has issued updates to fix a medium-severity flaw in the Remote Access VPN (RAVPN) service of its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2024-20481, has already been leveraged in ongoing attacks, according to The Hacker News.

Threat actors could exploit the vulnerability, which stems from resource exhaustion, to cause a denial-of-service condition in the RAVPN service of impacted devices, said Cisco. To mitigate password spraying attacks, the company also recommended enabling logging, configuring threat detection for remote access VPN services, disabling AAA authentication, and manually blocking unauthorized connection attempts.

Cisco also addressed a trio of critical issues in ASA, Secure Firewall Management Center Software, and FTD Software, tracked as CVE-2024-20329, CVE-2024-20424, and CVE-2024-20412.

The fixes come months after Cisco Talos researchers reported that brute-force intrusions against VPN and SSH services, as well as web app authentication interfaces, had surged since March. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," said researchers of the intrusions.
