Friday, April 26, 2024

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

  1. Upgrade your Cisco ASA to the below versions: (Depend on your Cisco ASA support which version)
    9.16.4.57
    9.18.4.22
    9.20.2.10
  2. Check your firewall log or SIEM to see if there are any IOC IP hit your log.

For more detail of the IOC, please check:
https://www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns

Check your Cisco ASA compatibility:
https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html


Reference:
https://www.helpnetsecurity.com/2024/04/24/cve-2024-20353-cve-2024-20359/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2?s=08
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h

Print Friendly and PDF
Share/Bookmark
Posted by Billy Fung at 1:36 AM
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)