0day.news (Copyright © 2024) — Cisco has recently unveiled significant security updates aimed at addressing critical vulnerabilities across its firewall platforms, specifically targeting ArcaneDoor vulnerabilities. These vulnerabilities pose serious risks to network security, encompassing Denial of Service (DoS), Remote Code Execution (RCE), and Command Injection (Cmd Inj). Here’s a concise overview of the vulnerabilities and Cisco’s response:

Denial of Service (DoS) Vulnerability
Identified as a critical flaw affecting the web services of Cisco ASA and FTD devices, this vulnerability could result in service disruption. Cisco has swiftly released patches to mitigate this risk and ensure the continued availability of affected devices.

CVE-2024-20353
CWE-835

Remote Code Execution (RCE) Vulnerability
Another critical vulnerability present in ASA and FTD platforms allows attackers to execute arbitrary code remotely, potentially leading to system compromise. Cisco has responded promptly by issuing patches to eliminate this vulnerability and enhance device security.

CVE-2024-20359
CWE-94

Command Injection (Cmd Inj) Vulnerability
The third vulnerability in the ArcaneDoor series involves a Command Injection flaw present in ASA and FTD devices. Exploitation of this vulnerability could allow attackers to execute arbitrary commands, leading to unauthorized access. Cisco has addressed this risk by providing patches to mitigate the underlying vulnerability and bolster device security.

In light of these vulnerabilities, Cisco has demonstrated its commitment to cybersecurity by promptly releasing patches and updates to protect its customers from potential exploitation. By applying these security measures, organizations can strengthen their network defenses and mitigate the risks associated with ArcaneDoor vulnerabilities. Continued vigilance and proactive security measures remain crucial in safeguarding network infrastructures against evolving threats.

CVE-2024-20358
CWE-78
According to the Cybersecurity and Infrastructure Security Agency (CISA), Cisco’s release of security updates to address ArcaneDoor vulnerabilities affecting Cisco firewall platforms. These vulnerabilities could enable attackers to execute arbitrary code, disrupt services, and gain unauthorized access to sensitive systems. Cisco’s security updates aim to mitigate these risks and ensure the integrity and security of affected devices. Organizations are urged to apply the necessary updates promptly to protect their network infrastructures from potential exploitation.