Cisco has rushed out a patch for a brute-force denial-of-service (DoS) vulnerability in its VPN software that is being actively exploited in the wild.
The medium-severity bug (CVE-2024-20481, CVSS 5.8) resides in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. If exploited, it could allow an unauthenticated, remote attacker to cause a DoS of the RAVPN service and disrupt remote access for legitimate users.
According to Cisco's advisory on the flaw, the vulnerability can be exploited for resource exhaustion by sending a large number of VPN authentication requests to an affected device, exactly the traffic pattern an attacker generates in an automated brute-force or password-spray attack.
“Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service,” Cisco said in its advisory. “Services that are not related to VPN are not affected.”
Cisco has released software updates that address the vulnerability, but it notes that there are no workarounds for the bug.
It does provide recommendations for defending against password-spray attacks, including enabling logging, configuring threat detection for remote access VPN services, applying hardening measures, and manually blocking connection attempts from unauthorized sources.
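The recommendations above only help if someone actually looks at the authentication-failure logs. The following is an added example, not Cisco's code or part of the original article: a small detector that reads Cisco ASA syslog, picks out the RAVPN authentication-rejection messages (%ASA-6-113005 for a wrong password and %ASA-6-113015 for an unknown user), and flags a source address that is either spraying many usernames or hammering a single account inside a short window. The syslog lines it runs on are constructed for the example, and the thresholds and window are assumptions a defender would tune to their own environment.

```python
"""Password-spray / brute-force detector for Cisco ASA RAVPN auth-failure syslog.

Added example (not Cisco's code). Assumes the ASA has `logging` enabled and
forwards messages to a collector that prefixes each line with a timestamp and
hostname. The sample log below is constructed, not captured from a device.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Match ASA AAA rejection messages and pull out the username and source IP.
#   %ASA-6-113005: ... reason = Invalid password : server = ... : user = X : user IP = A.B.C.D
#   %ASA-6-113015: ... reason = User was not found : local database : user = X : user IP = A.B.C.D
AUTH_REJECT = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ %ASA-6-1130(?:05|15): .*"
    r"user = (?P<user>\S+) : user IP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
TS_FORMAT = "%b %d %Y %H:%M:%S"

# ---- constructed sample input (hypothetical hostname, users and addresses) ----
BASE = datetime(2024, 10, 23, 14, 0, 0)


def _reject_line(sec, user, ip, not_found=False):
    ts = (BASE + timedelta(seconds=sec)).strftime(TS_FORMAT)
    if not_found:
        return (f"{ts} asa-edge %ASA-6-113015: AAA user authentication Rejected : "
                f"reason = User was not found : local database : user = {user} : user IP = {ip}")
    return (f"{ts} asa-edge %ASA-6-113005: AAA user authentication Rejected : "
            f"reason = Invalid password : server = 10.0.0.5 : user = {user} : user IP = {ip}")


_lines = []
# 203.0.113.9 tries six different accounts in ten seconds: a password spray.
for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"]):
    _lines.append(_reject_line(i * 2, u, "203.0.113.9"))
_lines.append(_reject_line(10, "admin", "203.0.113.9", not_found=True))
# 198.51.100.7 hits one service account twelve times in half a minute: brute force.
for i in range(12):
    _lines.append(_reject_line(i * 3, "svc-backup", "198.51.100.7"))
# 192.0.2.44 is a real user who mistyped twice; must not be flagged.
_lines.append(_reject_line(5, "grace", "192.0.2.44"))
_lines.append(_reject_line(40, "grace", "192.0.2.44"))
# Unrelated message the parser must ignore.
_lines.append(f"{BASE.strftime(TS_FORMAT)} asa-edge %ASA-6-302013: Built inbound TCP connection 12345 "
              f"for outside:192.0.2.44/51000 (192.0.2.44/51000) to identity:10.0.0.1/443 (10.0.0.1/443)")
SAMPLE_LOG = "\n".join(_lines)


def parse_rejects(text):
    """Return a list of (timestamp, user, source_ip) for every RAVPN auth rejection."""
    events = []
    for line in text.splitlines():
        m = AUTH_REJECT.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FORMAT), m["user"], m["ip"]))
    return events


def detect(events, window=timedelta(seconds=60), spray_users=5, brute_attempts=10):
    """Sliding-window analysis per source IP.

    A source is a 'password-spray' if any window holds >= spray_users distinct
    usernames, and 'brute-force' if any window holds >= brute_attempts failures.
    Thresholds are illustrative; tune them to the site's real failure baseline.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start, peak_attempts, peak_users = 0, 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide window start forward
                start += 1
            span = evs[start:end + 1]
            peak_attempts = max(peak_attempts, len(span))
            peak_users = max(peak_users, len({u for _, u in span}))
        kinds = []
        if peak_users >= spray_users:
            kinds.append("password-spray")
        if peak_attempts >= brute_attempts:
            kinds.append("brute-force")
        if kinds:
            findings[ip] = {"kinds": kinds, "peak_attempts": peak_attempts, "peak_users": peak_users}
    return findings


if __name__ == "__main__":
    for ip, info in detect(parse_rejects(SAMPLE_LOG)).items():
        print(f"{ip}: {', '.join(info['kinds'])} "
              f"(peak {info['peak_attempts']} failures, {info['peak_users']} distinct users)")
```

The two signals are deliberately separate: a spray keeps per-account failures low to stay under lockout thresholds, so counting distinct usernames per source is what catches it, while a classic brute force shows up as raw failure volume. Addresses the detector reports are the candidates for the manual blocking Cisco recommends, and the same per-source counting is what the ASA's own threat-detection feature for remote access authentication does on the box.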