Cisco ASA and FTD zero day used in password spraying attacks
searchsecurity.techtarget.comOne day after Cisco disclosed a zero-day vulnerability discovered in its VPN software, CISA added the flaw to its Known Exploited Vulnerabilities catalog.
- Arielle Waldman, News Writer
Cisco disclosed and patched a zero-day vulnerability that was used in a brute force password spraying campaign the company observed in April.
In a security advisory published on Wednesday, Cisco detailed the zero-day vulnerability, tracked as CVE-2024-20481, that affects software used in the Remote Access VPN (RAVPN) service of Cisco Adaptative Security Appliance (ASA) and Firepower Threat Defense (FTD). Cisco warned that successful exploitation could allow an unauthenticated, remote attacker to cause a DoS of the RAVPN. CISA added CVE-2024-20481 to its Known Exploited Vulnerabilities catalog on Thursday.
While Cisco disclosed and patched the zero-day vulnerability this week, the vendor initially discovered it while investigating a brute force password spraying campaign in April. Cisco recommended that organizations ...
Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE