Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

Businesses and organisations relying on Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defence (FTD) firewalls are being advised to take immediate action to protect themselves from a sophisticated cyber-attack campaign dubbed ArcaneDoor. This campaign is reportedly being conducted by a state-sponsored espionage group.

Summary of the Vulnerabilities

• A nation-state threat actor, identified as UAT4356 by Cisco Talos and Storm-1849 by Microsoft Threat Intelligence Center, targeted government networks using two zero-day vulnerabilities in Cisco products in a campaign known as "ArcaneDoor."
• Cisco patched the vulnerabilities affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, known as CVE-2024-20353 and CVE-2024-20359, which were exploited in the wild as part of the ArcaneDoor threat campaign.
• One vulnerability is labeled as high, with a score of 8.6. This vulnerability can result in a denial of service (DoS) (CVE-2024-20353). The other vulnerability is considered a medium criticality, scored with a 6. This vulnerability could allow a local attacker to execute arbitrary code and Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High (CVE-2024-20359).

CISA strongly encourages users and administrators to apply the necessary updates, hunt for any malicious activity, report positive findings to CISA, and review the following articles for more information:

• Cisco Blog: ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
• Cisco Event Response: Attacks Against Cisco Firewall Platforms
• Canadian Centre for Cyber Security: Cyber Activity Impacting CISCO ASA VPNs