Cisco Clamps Down on ArcaneDoor: Urgent Updates Slam Shut ASA and FTD Vulnerabilities

Crack open the security seal, Cisco’s got updates hotter than a firewall in July! ArcaneDoor won’t stand a chance against these patches. Quick, before a hacker RSVPs to your system’s vulnerability party! #CybersecurityTango

Hot Take:

Looks like Cisco’s playing Whack-a-Mole with cyber threats again, and this time the moles have fancier names like ArcaneDoor. If you’re using Cisco’s gadgets to keep your precious data safe, it’s time to roll up your sleeves, put on your patching pants, and show these virtual vermin who’s boss. And just when you thought you could binge-watch your favorite show in peace, along comes CISA, waving a red flag and urging everyone to update faster than you can say “CVE-2024-20353” three times fast.

Key Points:

  • Cisco’s latest fashion line includes patches for vulnerabilities in their ASA devices and FTD software, making it this season’s must-have accessory for network admins.
  • The vulnerabilities, known as CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358, are so popular they’ve already been autographed by cyber threat actors.
  • CISA has added CVE-2024-20353 and CVE-2024-20359 to its Known Exploited Vulnerabilities Catalog, essentially giving them VIP status in the world of cyber nasties.
  • Applying these updates is less of a recommendation and more of a “do it now or risk cyber doom” kind of situation.
  • If you find any digital breadcrumbs left by these cyber pests, CISA wants you to report back like a good cyber scout.

CVE ID: CVE-2024-20359
CVE state: PUBLISHED
CVE assigner short name: cisco
CVE date updated: 04/24/2024
CVE description: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

CVE ID: CVE-2024-20358
CVE state: PUBLISHED
CVE assigner short name: cisco
CVE date updated: 04/24/2024
CVE description: A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.

CVE ID: CVE-2024-20353
CVE state: PUBLISHED
CVE assigner short name: cisco
CVE date updated: 04/24/2024
CVE description: A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
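
The CVE-2024-20359 record above turns on a file landing on disk0: and taking effect only after the next reload, so one check worth running before a planned reload is a comparison of the current flash listing against a saved baseline. The script below is an added example, not Cisco or CISA tooling; the listing text, its column layout and every file name in it are constructed for illustration.

```python
import re

# Constructed listings in the style of a flash directory listing. The column
# layout (index, permissions, size, time, date, name) is an assumption.
BASELINE = """\
Directory of disk0:/
86   -rwx  109484032  10:32:22 Mar 12 2024  asa-image.bin
87   -rwx  36911712   10:35:01 Mar 12 2024  asdm-image.bin
90   -rwx  4521       09:14:47 Mar 20 2024  startup-backup.cfg
"""
CURRENT = """\
Directory of disk0:/
86   -rwx  109484032  10:32:22 Mar 12 2024  asa-image.bin
87   -rwx  36911800   02:11:09 Apr 19 2024  asdm-image.bin
90   -rwx  4521       09:14:47 Mar 20 2024  startup-backup.cfg
93   -rwx  20480      02:11:40 Apr 19 2024  example-new-file.zip
"""

# One file row: index, permissions, size in bytes, "HH:MM:SS Mon D YYYY", name.
ROW = re.compile(
    r"^\s*\d+\s+(\S+)\s+(\d+)\s+(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})\s+(.+?)\s*$"
)

def parse_listing(text):
    """Return {name: (size, timestamp)} for every file row in a listing."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            _perms, size, stamp, name = m.groups()
            files[name] = (int(size), stamp)
    return files

def diff_listings(baseline_text, current_text):
    """Compare two listings and report added, removed and modified files."""
    old, new = parse_listing(baseline_text), parse_listing(current_text)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }

if __name__ == "__main__":
    for kind, names in diff_listings(BASELINE, CURRENT).items():
        for name in names:
            print(f"{kind.upper():9} disk0:/{name}")
```

Size and timestamp are weak signals on their own: a hit here is a reason to investigate before reloading, and comparing file hashes against known-good values is the stronger check.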

Need to know more?

When Gadgets Go Wild:

Imagine your trusty Cisco ASA device or FTD software is like a bouncer at the club of your network, keeping the riffraff out. Now imagine that bouncer has been hypnotized by a trio of vulnerabilities, collectively known as ArcaneDoor, and is letting all sorts of shady characters slip through the velvet rope. That's the situation we're dealing with here, folks. But fear not, Cisco has conjured up some magic in the form of security updates to snap your bouncer out of its trance and get it back to bouncing.

The VIP List of Villainy:

In cybersecurity, being famous isn't always a good thing. Just ask CVE-2024-20353 and CVE-2024-20359, which have found themselves on CISA's cyber equivalent of the Hollywood Walk of Fame, the Known Exploited Vulnerabilities Catalog. This is the list you don't want your vulnerabilities to end up on, but if they do, you can bet they've been up to no good. It's like getting an invitation to the Evil Geniuses Ball—prestigious, but in a "destroy the world" kind of way.

Patch Parade:

If you're in charge of keeping networks safe, you might as well start parading around with your patches like they're the latest trend. CISA isn't just asking you to update; they're practically shouting it from the rooftops. They're urging you to slap those updates on quicker than a cat meme goes viral. So you better hurry, before your network's security becomes as outdated as a flip phone.

Snitching on Cyber Sneaks:

But wait, there's more! If during your digital detective work you stumble upon signs that these cyber sneaks have been partying it up in your system, you're under strict orders to report back to CISA with all the juicy details. Consider it your civic duty to snitch on these binary bandits. After all, nobody likes a party crasher, especially when the party is your secure network.

Required Reading for the Responsible:

Last but not least, for those who like to dive deeper than a submarine in a James Cameron movie, there's a list of riveting articles to peruse. Because nothing complements a good security update like a cozy evening spent reading about all the ways the internet is trying to ruin your day. So grab a cup of tea, your favorite security blanket (pun intended), and get to reading. Knowledge is power, and in this case, it might just save your network from becoming the next victim of the ArcaneDoor saga.

Tags: ArcaneDoor, CISA advisory, Cisco ASA, Cisco FTD, CVE-2024-20353, CVE-2024-20359, security updates