FlagThis

CyberSecurity updates
Updated: 2024-11-22 13:12:58 Pacfic
CISA @ Alerts
CISA Issues Urgent Advisories for Cisco ASA/FTD and RoundCube Webmail Vulnerabilities - 26d
Read more: www.cisa.gov

The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories about two critical vulnerabilities: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), and CVE-2024-37383, a cross-site scripting (XSS) vulnerability in RoundCube Webmail. CVE-2024-20481 allows unauthenticated attackers to crash Cisco ASA/FTD devices with a crafted HTTP request, impacting network availability and security posture. CVE-2024-37383 allows attackers to inject malicious scripts into web pages viewed by RoundCube users, leading to potential data theft or other malicious activities. CISA urges organizations to promptly apply patches for both vulnerabilities and implement mitigation strategies such as input validation, user education, and WAFs to reduce the risk of exploitation.

References:
  • Malware Analysis, News and Indicators - Threat actors could exploit the vulnerability, which stems from resource exhaustion, to facilitate a denial-of-service condition in impacted devices' RAVPN service, said Cisco. - 27d
  • sec.cloudapps.cisco.com - Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication - 27d
  • SCM feed for Risk Assessments/Management - Actively exploited Cisco ASA, FTD vulnerability addressed - 27d
  • Over Security - The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories about two critical vulnerabilities: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Ada - 26d
  • nvd.nist.gov - NVD's vulnerability detail for CVE-2024-20481. - 26d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.