Dive Brief:
- A vulnerability that can lead to denial of service in the remote access VPN service of Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense is facing active exploitation, according to the company.
- Though the vulnerability, tracked as CVE-2024-20481, has a CVSS score of only 5.8, it allows an unauthenticated attacker to cause a denial of service on the remote access VPN service, according to an advisory Cisco released Wednesday.
- The Cybersecurity and Infrastructure Security Agency on Thursday added the CVE to its known exploited vulnerabilities catalog.
Dive Insight:
Attackers can send a large number of VPN authentication requests to affected devices to exploit the vulnerability, according to Cisco. A successful attack exhausts resources, which leads to a denial of service on the remote access VPN service on the targeted device.
Cisco said that while there are no workarounds, mitigations are available for users dealing with password spray attacks.
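The attack pattern described above, many authentication requests arriving faster than a device can absorb them, leaves a signature in the AAA logs. As an added example (not from the article or from Cisco's advisory or tooling), the following Python flags sources that produce a burst of rejected VPN logins or cycle through many usernames in a short window. The syslog format, message ID, thresholds and sample lines are constructed assumptions, not taken from a real device.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on an ASA-style AAA syslog message.
# The format is an assumption for this example; verify it against your own devices.
SAMPLE_LOGS = [
    "Oct 24 10:00:01 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 203.0.113.10",
    "Oct 24 10:00:02 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = bob : user IP = 203.0.113.10",
    "Oct 24 10:00:03 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 203.0.113.10",
    "Oct 24 10:00:04 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = dave : user IP = 203.0.113.10",
    "Oct 24 10:00:05 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7",
    "Oct 24 10:00:09 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7",
    "Oct 24 10:05:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = erin : user IP = 192.0.2.44",
]

# Captures the syslog timestamp, the username tried and the client's source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ %ASA-6-113005: .*?"
    r"user = (?P<user>\S+) : user IP = (?P<ip>\S+)$"
)

def parse(lines, year=2024):
    """Yield (timestamp, user, source_ip) for each rejected-authentication line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated message types are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]

def detect(events, window=timedelta(seconds=60), max_attempts=4, max_users=3):
    """Flag a source IP when, inside any `window`, its rejected attempts reach
    `max_attempts` or it tries at least `max_users` distinct usernames
    (password-spray / authentication-flood behaviour). Thresholds are assumed."""
    per_src = defaultdict(list)
    for ts, user, ip in sorted(events):
        per_src[ip].append((ts, user))
    flagged = {}
    for ip, evs in per_src.items():
        for i, (start, _) in enumerate(evs):  # slide the window over each start event
            in_win = [u for t, u in evs[i:] if t - start <= window]
            if len(in_win) >= max_attempts or len(set(in_win)) >= max_users:
                flagged[ip] = {"attempts": len(in_win), "users": sorted(set(in_win))}
                break
    return flagged

if __name__ == "__main__":
    print(detect(parse(SAMPLE_LOGS)))
```

Only the first source is flagged: four distinct usernames in three seconds, while two retries by one user and a single failure minutes later stay below both thresholds.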
The Cisco Product Security Incident Response Team said it is aware of malicious use of the vulnerability disclosed in the advisory. The vulnerability was found during the resolution of a Cisco technical assistance center support case.
Researchers from Cisco Talos previously raised concerns about these types of attacks in April. At the time, researchers were monitoring a global surge in brute-force attacks targeting VPN services, web application authentication interfaces and secure shell services dating back to mid-March.
The attacks Cisco Talos cited in April could lead to unauthorized network access, account lockouts and denial of service. Those attacks also affected a wide range of services, including VPNs from Cisco Secure Firewall, Check Point, Fortinet and SonicWall, among others.
The attacks at the time originated from Tor exit nodes as well as other anonymizing tunnels, according to Cisco Talos.
In recent months, attackers have increasingly exploited VPN vulnerabilities to break into systems. Attackers previously targeted vulnerabilities in Check Point Software VPNs.