Cisco issues emergency fix for VPN tool, users told to update now
techradar.com
Cisco has issued an emergency fix for bugs in some of its software, which are being actively exploited in the wild.
According to a security advisory from the company, the patched flaw was found in Adaptive Security Appliance (ASA) and in Firepower Threat Defense (FTD). It is described as a resource exhaustion vulnerability, tracked as CVE-2024-20481, and was given a medium severity rating of 5.8.
Describing the theory behind the attack, Cisco says an attacker could send a large number of VPN authentication requests to a vulnerable device, exhausting its resources. That leads to a Denial-of-Service (DoS) state of the Remote Access VPN (RAVPN) service. Furthermore, since the attackers are sending authentication requests, one just might work (depending on the strength of the login credentials), giving the miscreants unauthorized network access.
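For defenders, the pattern described above (a burst of failed VPN authentications, possibly followed by one that succeeds) can be checked with a sliding-window count. This is an added example, not code from Cisco or the article; the log format, the `detect` function, the window and the threshold are all assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format (not raw
# ASA/FTD syslog): timestamp, source IP, username, result.
SAMPLE = """\
2024-01-01T10:00:00 198.51.100.7 alice FAIL
2024-01-01T10:00:05 198.51.100.8 bob FAIL
2024-01-01T10:00:10 198.51.100.9 carol FAIL
2024-01-01T10:00:15 198.51.100.7 dave FAIL
2024-01-01T10:00:20 198.51.100.8 erin FAIL
2024-01-01T10:00:25 198.51.100.9 frank OK
2024-01-01T10:05:00 192.0.2.10 grace OK
"""

def parse(text):
    """Yield (datetime, src, user, result) tuples from normalized log text."""
    for line in text.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect(events, window=timedelta(seconds=60), threshold=5):
    """Flag bursts of failed logins and any success that lands inside a burst."""
    recent = deque()          # (timestamp, username) of failures inside the window
    alerts, flooding = [], False
    for ts, src, user, result in events:
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append((ts, user))
        in_flood = len(recent) >= threshold
        if in_flood and not flooding:
            # Report once per burst, with the number of distinct usernames tried.
            distinct_users = len({u for _, u in recent})
            alerts.append(("auth_flood", ts.isoformat(), distinct_users))
        if in_flood and result == "OK":
            # A success during a burst may be a guessed credential: review it.
            alerts.append(("success_during_flood", ts.isoformat(), user, src))
        flooding = in_flood
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

The threshold and window are placeholders to tune against a site's normal VPN login volume.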
Abused in the wild
Depending on the impact of the attack, the victims may need to ...
Copyright of this story solely belongs to techradar.com.