Vulnerability in Adaptive Security Appliance’s Remote Access VPN

Critical Advisory: Vulnerability in Cisco ASA and FTD Software’s Remote Access VPN Service

Cisco Systems has issued a critical advisory regarding a vulnerability in the Remote Access VPN (RAVPN) service of its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The vulnerability is significant because it could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service, affecting organizations that rely on these security tools.

The issue has a Common Vulnerability Scoring System (CVSS) score of 5.8, is tracked as CVE-2024-20481, and is classified under CWE-772. The vulnerability stems from resource exhaustion: an attacker could exploit it by sending a large number of VPN authentication requests to an affected device.

Such an attack could exhaust system resources and cause a complete denial of service of the RAVPN service. After successful exploitation, the affected device may need to be rebooted to restore functionality. Services unrelated to the VPN are not affected by this vulnerability.
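Because the failure mode is a flood of authentication requests rather than a single malformed packet, the practical detection signal is request volume over time, both per source address and in aggregate (a distributed flood can stay under any per-source limit). The following sliding-window detector is an added example, not code from Cisco or from the advisory; the log line format, the IP addresses and the thresholds are constructed for illustration and do not correspond to the real ASA syslog format.

```python
"""Sliding-window detector for floods of VPN authentication attempts.

Added example. The log format below is an assumption for illustration,
not Cisco's syslog format; lines are expected in chronological order.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed line shape: "<iso-timestamp> AUTH_ATTEMPT src=<ip> user=<name> result=<accepted|rejected>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) AUTH_ATTEMPT src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return (timestamp, src, user, result) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]


class AuthFloodDetector:
    """Counts authentication attempts in a trailing time window.

    Every attempt is counted regardless of result, because the resource
    exhaustion described in the advisory is driven by request volume, not
    by failed logins alone.
    """

    def __init__(self, window_seconds=60, per_source_limit=20, aggregate_limit=200):
        self.window = timedelta(seconds=window_seconds)
        self.per_source_limit = per_source_limit
        self.aggregate_limit = aggregate_limit
        self.per_source = defaultdict(deque)  # src -> timestamps inside the window
        self.all_events = deque()             # all timestamps inside the window
        self.alerts = []                      # (kind, src, count, timestamp)
        self._alerted_sources = set()
        self._aggregate_alerted = False

    def _evict(self, dq, now):
        # Drop timestamps that have fallen out of the trailing window.
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def observe(self, ts, src):
        dq = self.per_source[src]
        dq.append(ts)
        self._evict(dq, ts)
        self.all_events.append(ts)
        self._evict(self.all_events, ts)
        # Alert once per source, and once for the aggregate, when a limit is crossed.
        if len(dq) > self.per_source_limit and src not in self._alerted_sources:
            self._alerted_sources.add(src)
            self.alerts.append(("per_source", src, len(dq), ts))
        if len(self.all_events) > self.aggregate_limit and not self._aggregate_alerted:
            self._aggregate_alerted = True
            self.alerts.append(("aggregate", "*", len(self.all_events), ts))


def analyze(lines, **kwargs):
    """Run the detector over an iterable of log lines and return its alerts."""
    det = AuthFloodDetector(**kwargs)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line; skipped rather than crashing the pipeline
        ts, src, _user, _result = parsed
        det.observe(ts, src)
    return det.alerts


def build_sample_log():
    """Constructed sample log: three normal logins, a single-source flood and a distributed flood."""
    base = datetime(2024, 10, 23, 10, 0, 0)
    lines = []
    for i, (src, user) in enumerate(
        [("198.51.100.7", "alice"), ("198.51.100.8", "bob"), ("198.51.100.9", "carol")]
    ):
        ts = base + timedelta(seconds=10 * i)
        lines.append(f"{ts.isoformat()} AUTH_ATTEMPT src={src} user={user} result=accepted")
    # One address sends 30 attempts in 30 seconds.
    for i in range(30):
        ts = base + timedelta(seconds=60 + i)
        lines.append(f"{ts.isoformat()} AUTH_ATTEMPT src=203.0.113.9 user=admin result=rejected")
    # Fifty addresses send 5 attempts each within 25 seconds: each stays under the
    # per-source limit, but the aggregate rate does not.
    for i in range(250):
        ts = base + timedelta(seconds=300 + i // 10)
        src = f"203.0.113.{100 + i % 50}"
        lines.append(f"{ts.isoformat()} AUTH_ATTEMPT src={src} user=user{i % 50} result=rejected")
    lines.append("this line does not match the expected format")
    return lines


if __name__ == "__main__":
    for kind, src, count, ts in analyze(build_sample_log()):
        print(f"{ts.isoformat()} {kind} src={src} attempts_in_window={count}")
```

The aggregate counter is what catches the distributed case; tuning the two thresholds against a baseline of normal login volume is the part that has to be done per environment, since a legitimate Monday-morning login surge on a large deployment can look like a modest flood.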

Cisco’s security research team has highlighted an increasing trend of brute-force attacks against VPN and SSH services, underscoring the need for stronger security measures in network environments. At the time the advisory was published, Cisco ASA and FTD software running a vulnerable release with the RAVPN service enabled was at risk.

Organizations using these products are urged to check their software version against the advisory to determine whether they are affected. Prompt action is essential, as no workarounds are currently available for this vulnerability. Cisco has confirmed that several of its other products are not affected, which provides some relief to users.
