Cisco Event Response Page
Cisco Event Response: May 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
-
Cisco released its semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication on May 22, 2024.
The May 22, 2024, release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication includes 6 Cisco Security Advisories that describe 6 vulnerabilities in Cisco ASA, FMC, and FTD. Cisco has released software updates that address these vulnerabilities.
Cisco has confirmed that all of the fixed software releases that are part of this bundle include the fix for the vulnerabilities that were involved in the ArcaneDoor attack campaign, described in CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359.
-
The following table identifies Cisco Security content that is associated with this bundled publication:
Cisco Security Advisory CVE ID Security Impact Rating CVSS Base Score Cisco Firepower Management Center Software SQL Injection Vulnerability CVE-2024-20360High8.8Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability CVE-2024-20293Medium5.8Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability CVE-2024-20361Medium5.8Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability CVE-2024-20261Medium5.8Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability CVE-2024-20363Medium5.8Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability CVE-2024-20355Medium5Additional Information
There are no additional actions for customers who have upgraded their platforms as advised on the April 24, 2024, ArcaneDoor Event Response Page and associated Security Advisories.
Related Resources
Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A