In early 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of attacks targeting certain devices running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software. The attacks aimed to implant malware, execute commands, and potentially exfiltrate data from the compromised devices.
This attack campaign has been named ArcaneDoor. Although Cisco has not yet identified the initial attack vector, the software updates that are identified in the advisories in the following table address software weaknesses that could allow an attacker to implant malware and obtain persistence on an affected device. Of these software weaknesses, CVE-2024-20353 and CVE-2024-20359 were used by the attacker in this attack campaign.
Cisco strongly recommends that all customers upgrade to fixed software versions.
IMPORTANT: Customers seeking a fixed release in the 7.2 train should upgrade to 7.2.5.2 or 7.2.7; this guidance has changed because of a bug in 7.2.6. Refer to this Upgrade TechNote for further guidance.
On April 24, 2024, Cisco released the following Cisco ASA and FTD Software Security Advisories that address weaknesses that were leveraged in these attacks:
Cisco Security Advisory | CVE ID | Security Impact Rating | CVSS Base Score |
---|---|---|---|
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability | CVE-2024-20353 | High | 8.6 |
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability | CVE-2024-20359 | High | 6.0 |
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability | CVE-2024-20358 | Medium | 6.0 |
For more information on the ArcaneDoor campaign, see the Cisco Talos Threat Advisory "ArcaneDoor: New espionage-focused campaign targets perimeter network devices".
All customers are advised to upgrade to a fixed software release.
Customers can use the Cisco Support Assistant to verify the integrity of their Cisco ASA or FTD devices.
Notes: