VPN Vulnerability in Cisco ASA and FTD Systems Is Being Actively Used by Hackers in Cyber Attacks

A critical vulnerability, CVE-2024-20481, was recently discovered in the Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) systems and is exploited via VPN. Hackers are actively exploiting it in real cyber attacks. This poses a major threat to system security, as the vulnerability allows hackers to gain unauthorized access to the network and gain complete control over the system.
CVE-2024-20481 is a vulnerability in VPN connections on Cisco ASA and FTD systems that targets security flaws in the authentication process. Attackers can gain unauthorized access to the system by sending special requests. This access through a VPN connection allows hackers to steal user information, access other services on the network, and control the network.
This vulnerability affects the following Cisco products:

  • Cisco ASA 9.0 and later
  • Cisco FTD 6.0 and later

Many companies and organizations use these systems to ensure their network security. Now that this vulnerability has been discovered, vulnerable systems may still be exposed to cyberattacks, even if the problem is fixed through updates provided by Cisco.

By exploiting the CVE-2024-20481 vulnerability, hackers gain access to a network via a VPN. By doing so, they can:

  • Steal users’ information online.
  • Access other services on the network through a VPN connection.
  • Place and run malicious programs on the system.
  • Take full control of the network.

These attacks pose a significant risk to businesses, which face potential theft of sensitive data and financial loss.

Cisco has released security updates to address this vulnerability. Therefore, all organizations must comply with the following measures:

  1. Install Updates: The latest security updates released for Cisco ASA and FTD systems should be installed immediately. Updates fix vulnerabilities and protect the system.
  2. Implementation of Multi-Factor Authentication (MFA): The use of two-factor authentication for VPN logins makes it significantly more difficult for attackers to gain access to the system.
  3. System monitoring: VPN connections and network activity must be constantly monitored. Adequate action should be taken against improper connections when detected.
  4. Restrict VPN connections: It is recommended to implement restrictions to ensure access to VPN connections only from trusted IP addresses. This reduces the chances of hackers accessing from unknown sources.

All organizations and companies are required to install Cisco-released updates and take additional security measures to ensure system security. Timely implementation of these protective measures is important in preventing attacks.
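
As an added example (not from the original article or from Cisco), the Python sketch below illustrates measures 3 and 4 together: it scans VPN authentication logs for sources outside a trusted range that rack up repeated rejected logins in a short window. The trusted network, threshold, window and log lines are constructed assumptions; the line layout is modelled on ASA syslog message 113005 and should be checked against your own logging format.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune to your environment.
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
THRESHOLD, WINDOW = 3, timedelta(minutes=5)

# Constructed sample lines modelled on ASA syslog message 113005.
SAMPLE_LOG = """\
2024-10-24T10:00:01 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 203.0.113.7
2024-10-24T10:00:20 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = bob : user IP = 203.0.113.7
2024-10-24T10:01:05 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = carol : user IP = 203.0.113.7
2024-10-24T10:02:00 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = dave : user IP = 198.51.100.20
2024-10-24T10:02:10 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = dave : user IP = 198.51.100.20
2024-10-24T10:02:20 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = dave : user IP = 198.51.100.20
2024-10-24T10:00:00 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = erin : user IP = 192.0.2.44
2024-10-24T10:10:00 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = erin : user IP = 192.0.2.44
2024-10-24T10:20:00 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = erin : user IP = 192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ %ASA-6-113005: AAA user authentication Rejected : .*"
    r"user = (?P<user>\S+) : user IP = (?P<ip>\S+)\s*$"
)

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_suspect_sources(log_text):
    """Return {ip: usernames} for untrusted IPs with >= THRESHOLD rejections in WINDOW."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and not is_trusted(m["ip"]):
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
    suspects = {}
    for ip, hits in events.items():
        hits.sort()
        # Slide a THRESHOLD-sized window over each source's sorted events.
        for i in range(len(hits) - THRESHOLD + 1):
            if hits[i + THRESHOLD - 1][0] - hits[i][0] <= WINDOW:
                suspects[ip] = sorted({u for _, u in hits})
                break
    return suspects

if __name__ == "__main__":
    print(find_suspect_sources(SAMPLE_LOG))
```

In the sample, only 203.0.113.7 is reported: the trusted address is skipped, and 192.0.2.44 spreads its three failures over twenty minutes, outside the window.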