ADVISORY!

TLP : CLEAR

Date : 25/04/2024

REF NO : CERT / 2024/04/35

Cisco Products Multiple Vulnerabilities

Severity Level: High

Components Affected

  • Cisco ASA Software
  • Cisco FTD Software

Overview

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and a denial-of-service condition on the targeted system.

Description

CVE-2024-20353 and CVE-2024-20359 are being exploited in the wild. CVE-2024-20353 can be exploited only where users have enabled SSL listen sockets on any TCP port. CVE-2024-20359 requires a user who has at least resource administrator role privilege to perform critical actions. Hence, the risk level is rated as High Risk.

Impact

  • Remote Code Execution
  • Denial of Service

Solution/ Workarounds

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre
