Detections
Analytics

CVE-2024-20353

high

Description

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.

References

https://www.hivepro.com/threat-digest/attacks-vulnerabilities-and-actors-22-to-28-april-2024/

https://www.tenable.com/blog/cve-2024-20353-cve-2024-20359-frequently-asked-questions-about-arcanedoor

https://www.tenable.com/blog/cve-2024-20353-cve-2024-20359-frequently-asked-questions-about-arcanedoor

https://securityaffairs.com/162308/security/cisa-adds-cisco-asa-and-ftd-and-crushftp-vfs-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://thecyberthrone.in/2024/04/25/cisa-kev-update-april-2024-part-ii/

https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/?&web_view=true

https://thecyberthrone.in/2024/04/25/arcanedoor-exploits-cisco-asa-and-ftd/

https://www.theregister.com/2024/04/24/spies_cisco_firewall/

https://blog.qualys.com/vulnerabilities-threat-research/2024/04/24/arcanedoor-unlocked-tackling-state-sponsored-cyber-espionage-in-network-perimeters

https://securityaffairs.com/162244/apt/nation-state-actors-exploited-two-zero-days-in-asa-and-ftd-firewalls-to-breach-government-networks.html

https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2

Details

Source: Mitre, NVD

Published: 2024-04-24

Updated: 2024-04-26

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Severity: High