CyberSecurity updates
Updated: 2024-11-22 17:44:29 Pacfic

CISA @ Alerts
CISA Issues Urgent Advisories for Cisco ASA/FTD and RoundCube Webmail Vulnerabilities - 26d

The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories about two critical vulnerabilities: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), and CVE-2024-37383, a cross-site scripting (XSS) vulnerability in RoundCube Webmail. CVE-2024-20481 allows unauthenticated attackers to crash Cisco ASA/FTD devices with a crafted HTTP request, impacting network availability and security posture. CVE-2024-37383 allows attackers to inject malicious scripts into web pages viewed by RoundCube users, leading to potential data theft or other malicious activities. CISA urges organizations to promptly apply patches for both vulnerabilities and implement mitigation strategies such as input validation, user education, and WAFs to reduce the risk of exploitation.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.