Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2024050201054747 | Publication Time | 2024/05/02 13:44 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/05/02 13:44 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software Vulnerability (CVE-2024-20353), Please Confirm and Patch Promptly! |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202405-00000001 Researchers have discovered a Denial of Service (DoS) vulnerability (CVE-2024-20353) in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Remote attackers without authentication can send malicious requests to trigger device reloads, resulting in service disruption. This vulnerability has been exploited by hackers. Please confirm and update promptly. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] ● Adaptive Security Appliance(ASA) ● Firepower Threat Defense(FTD) |
|||
| [Recommended Actions] Official fixes have been released for the vulnerability. Please refer to the official instructions for updating at the following URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2#fs. Detailed versions can be found in the Fixed Software section of the official announcement under the Cisco ASA, FMC, and FTD Software paragraph. A tool is provided to check affected products and versions. Select the product, enter the version number, and the website will indicate whether the version of the product is affected. |
|||
| [Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2024-20353 2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2 |
|||