Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. A cyber threat actor could exploit vulnerabilities (CVE-2024-20353, CVE-2024-20359, CVE-2024-20358) to take control of an affected system.
Cisco has reported active exploitation of CVE 2024-20353 and CVE-2024-20359 and CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CISA strongly encourages users and administrators to apply the necessary updates, hunt for any malicious activity, report positive findings to CISA, and review the following articles for more information:
Cisco Blog: ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices
Cisco Event Response: Attacks Against Cisco Firewall Platforms