VULNERA Pulse

Roundcube — Webmail

CVE-2024-37383 / Added: Oct. 24, 2024

MEDIUM CVSS 6.10 EPSS Score 3.65 EPSS Percentile 91.91

RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

Headlines

• Oct. 27, 2024 - newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION
• Oct. 27, 2024 - Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
• Oct. 25, 2024 - U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog
• Oct. 25, 2024 - CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities
• Oct. 22, 2024 - Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
• Oct. 21, 2024 - Hackers exploit Roundcube webmail flaw to steal email, credentials
• Oct. 21, 2024 - Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign
• Oct. 20, 2024 - Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Back to top ↑

Cisco — Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

CVE-2024-20481 / Added: Oct. 24, 2024

MEDIUM CVSS 5.80 EPSS Score 1.18 EPSS Percentile 85.48

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.

Headlines

• Oct. 28, 2024 - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
• Oct. 27, 2024 - Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
• Oct. 26, 2024 - New Cisco ASA and FTD features block VPN brute-force password attacks
• Oct. 25, 2024 - Exploited: Cisco, SharePoint, Chrome vulnerabilities
• Oct. 25, 2024 - U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog
• Oct. 25, 2024 - CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities
• Oct. 24, 2024 - Cisco fixes bug under exploit in brute-force attacks
• Oct. 24, 2024 - Cisco fixes bug under exploit in brute-force attacks
• Oct. 24, 2024 - Cisco fixes VPN DoS flaw discovered in password spray attacks
• Oct. 24, 2024 - Cisco fixed tens of vulnerabilities, including an actively exploited one
• Oct. 24, 2024 - Cisco ASA, FTD Software Under Active VPN Exploitation
• Oct. 24, 2024 - Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
• Oct. 24, 2024 - Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481)

Back to top ↑

Fortinet — FortiManager

CVE-2024-47575 / Added: Oct. 23, 2024

CRITICAL CVSS 9.80 EPSS Score 1.28 EPSS Percentile 86.10

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Headlines

• Oct. 28, 2024 - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
• Oct. 27, 2024 - newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION
• Oct. 24, 2024 - Critical Bug Exploited in Fortinet's Management Console
• Oct. 24, 2024 - FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
• Oct. 24, 2024 - Fortinet Confirms Exploitation of Critical FortiManager Zero-Day
• Oct. 24, 2024 - New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack
• Oct. 24, 2024 - Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
• Oct. 24, 2024 - Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
• Oct. 24, 2024 - U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
• Oct. 24, 2024 - Mandiant says new Fortinet flaw has been exploited since June
• Oct. 23, 2024 - FortiManager critical vulnerability under active attack
• Oct. 23, 2024 - A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution
• Oct. 23, 2024 - Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) | Google Cloud Blog
• Oct. 23, 2024 - Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8)
• Oct. 23, 2024 - Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Back to top ↑

Microsoft — SharePoint

CVE-2024-38094 / Added: Oct. 22, 2024

HIGH CVSS 7.20 EPSS Score 3.49 EPSS Percentile 91.75

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

Headlines

• Oct. 28, 2024 - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
• Oct. 27, 2024 - Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
• Oct. 25, 2024 - Exploited: Cisco, SharePoint, Chrome vulnerabilities
• Oct. 23, 2024 - Microsoft SharePoint Vuln Is Under Active Exploit
• Oct. 23, 2024 - Microsoft SharePoint RCE under active exploit
• Oct. 23, 2024 - U.S. CISA adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog
• Oct. 23, 2024 - CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
• July 10, 2024 - RCE Vulnerabilities in Microsoft SharePoint Server: PoC Exploit Code Published
• July 9, 2024 - Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

Back to top ↑

ScienceLogic — SL1

CVE-2024-9537 / Added: Oct. 21, 2024

CRITICAL CVSS 9.80 EPSS Score 3.64 EPSS Percentile 91.91

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.

Headlines

• Oct. 28, 2024 - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
• Oct. 27, 2024 - Senator says domain reg firms aiding Russian disinfo spread
• Oct. 22, 2024 - U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog
• Oct. 22, 2024 - CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
• Oct. 21, 2024 - CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to Rackspace Security Incident

Back to top ↑

CVE-2024-47575

CRITICAL CVSS 9.80 EPSS Score 1.28 EPSS Percentile 86.10

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Oct. 23, 2024

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Vendor Impacted: Fortinet

Products Impacted: Fortimanager, Fortimanager Cloud

Quotes

• Unregistered device localhost add succeeded
• We got breached on this one weeks before it hit
• Reports have shown this vulnerability to be exploited in the wild
• UNC5820 staged and exfiltrated the configuration data of the FortiGate devices managed by the exploited FortiManager
• A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests
• I’m not confident that Fortinet’s narrative that they’re protecting customers by not publicly disclosing a vulnerability is protecting customers. This vulnerability has been under widespread exploitation for a while
• After identifying this vulnerability (CVE-2024-47575), Fortinet promptly communicated critical information and resources to customers. This is in line with our processes and best practices for responsible disclosure to enable customers to strengthen their security posture prior to an advisory being publicly released to a broader audience, including threat actors. We also have published a corresponding public advisory (FG-IR-24-423) reiterating mitigation guidance, including a workaround and patch updates. We urge customers to follow the guidance provided to implement the workarounds and fixes and to continue tracking our advisory page for updates. We continue to coordinate with the appropriate international government agencies and industry threat organizations as part of our ongoing response

Headlines

• Oct. 24, 2024 - Critical Bug Exploited in Fortinet's Management Console
• Oct. 24, 2024 - FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
• Oct. 24, 2024 - Fortinet Confirms Exploitation of Critical FortiManager Zero-Day
• Oct. 24, 2024 - New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack
• Oct. 24, 2024 - Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
• Oct. 24, 2024 - Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
• Oct. 24, 2024 - U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
• Oct. 24, 2024 - Mandiant says new Fortinet flaw has been exploited since June
• Oct. 23, 2024 - FortiManager critical vulnerability under active attack
• Oct. 23, 2024 - A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution
• Oct. 23, 2024 - Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) | Google Cloud Blog
• Oct. 23, 2024 - Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8)
• Oct. 23, 2024 - Fortinet warns of new critical FortiManager flaw used in zero-day attacks

CVE-2024-38812

CRITICAL CVSS 9.80 EPSS Score 0.09 EPSS Percentile 40.73

Actively Exploited Remote Code Execution Public Exploits Available

Published: Sept. 17, 2024

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Vendor Impacted: Vmware

Product Impacted: Vcenter Server

Quotes

• All customers are strongly encouraged to apply the patches currently listed in the Response Matrix
• VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812
• A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution

Headlines

• Oct. 22, 2024 - VMware patches critical RCE, make-me-root bugs — again
• Oct. 22, 2024 - VMware fixes bad patch for critical vCenter Server RCE flaw
• Oct. 22, 2024 - VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
• Oct. 22, 2024 - VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

CVE-2024-23113

CRITICAL CVSS 9.80 EPSS Score 1.84 EPSS Percentile 88.66

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Feb. 15, 2024

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

Vendor Impacted: Fortinet

Products Impacted: Fortios, Fortipam, Multiple Products, Fortiproxy, Fortiswitchmanager

Quotes

• Became aware of an issue with the ScienceLogic EM7 Portal
• I’m not confident that Fortinet’s narrative that they’re protecting customers by not publicly disclosing a vulnerability is protecting customers. This vulnerability has been under widespread exploitation for a while

Headlines

• Oct. 24, 2024 - Fortinet Confirms Exploitation of Critical FortiManager Zero-Day
• Oct. 22, 2024 - CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
• Oct. 21, 2024 - Fortinet releases patches for undisclosed critical FortiManager vulnerability
• Oct. 20, 2024 - Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion

CVE-2024-9537

CRITICAL CVSS 9.80 EPSS Score 3.64 EPSS Percentile 91.91

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Oct. 18, 2024

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.

Vendor Impacted: Sciencelogic

Product Impacted: Sl1

Quotes

• Became aware of an issue with the ScienceLogic EM7 Portal
• ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+

Headlines

• Oct. 22, 2024 - U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog
• Oct. 22, 2024 - CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
• Oct. 21, 2024 - CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to Rackspace Security Incident

CVE-2024-4947

HIGH CVSS 8.80 EPSS Score 0.22 EPSS Percentile 60.97

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: May 15, 2024

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendors Impacted: Google, Fedoraproject

Products Impacted: Fedora, Chrome, Chromium V8

Quotes

• This issue (330404819) was submitted and fixed in March 2024
• Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
• Visiting the website was all it took to get infected – the game was just a distraction
• Over the years, we have uncovered many [Lazarus] attacks on the cryptocurrency industry, and one thing is certain: these attacks are not going away
• Has responded to a growing number of engagements in which adversaries have leveraged password-spraying campaigns to obtain valid usernames and passwords to facilitate initial access
• On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version

Headlines

• Oct. 25, 2024 - Exploited: Cisco, SharePoint, Chrome vulnerabilities
• Oct. 24, 2024 - Lazarus Group Exploits Google Chrome Flaw in New Campaign
• Oct. 24, 2024 - Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
• Oct. 23, 2024 - Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
• Oct. 23, 2024 - Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
• Oct. 23, 2024 - Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT
• Oct. 23, 2024 - Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

CVE-2024-44068

HIGH CVSS 8.10 EPSS Score 0.06 EPSS Percentile 26.98

Actively Exploited Remote Code Execution

Published: Oct. 7, 2024

An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.

Quotes

• This 0-day exploit is part of an EoP chain
• A Use-After-Free in the mobile processor leads to privilege escalation
• An issue [that] was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920
• An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server

Headlines

• Oct. 24, 2024 - Samsung phone users exposed to EoP attacks, Google warns
• Oct. 23, 2024 - CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
• Oct. 23, 2024 - Researcher Details 0-Day Flaw CVE-2024-44068 in Samsung Exynos Processors
• Oct. 22, 2024 - Samsung Zero-Day Vuln Under Active Exploit, Google Warns
• Oct. 22, 2024 - Samsung zero-day flaw actively exploited in the wild

CVE-2024-38178

HIGH CVSS 7.50 EPSS Score 1.32 EPSS Percentile 86.37

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Aug. 13, 2024

Scripting Engine Memory Corruption Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Windows 10 22h2, Windows Server 2019, Windows 11 21h2, Windows 10 21h2, Windows 11 23h2, Windows 11 24h2, Windows Server 2022 23h2, Windows, Windows Server 2022, Windows 10 1809, Windows 11 22h2, Windows Server 2012, Windows 10 1607, Windows Server 2016, Windows 10 1507

Quotes

• Large-scale global internet surveillance network
• Many Toast ad programs use a feature called WebView to render Web content for displaying ads
• This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution

Headlines

• Oct. 21, 2024 - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)
• Oct. 21, 2024 - DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
• Oct. 20, 2024 - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16
• Oct. 20, 2024 - newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION
• Oct. 19, 2024 - North Korea-linked APT37 exploited IE zero-day in a recent attack

CVE-2024-38094

HIGH CVSS 7.20 EPSS Score 3.49 EPSS Percentile 91.75

CISA Known Exploited Actively Exploited Remote Code Execution

Published: July 9, 2024

Microsoft SharePoint Remote Code Execution Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Sharepoint, Sharepoint Server

Quotes

• An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server
• Has responded to a growing number of engagements in which adversaries have leveraged password-spraying campaigns to obtain valid usernames and passwords to facilitate initial access

Headlines

• Oct. 25, 2024 - Exploited: Cisco, SharePoint, Chrome vulnerabilities
• Oct. 23, 2024 - Microsoft SharePoint Vuln Is Under Active Exploit
• Oct. 23, 2024 - Microsoft SharePoint RCE under active exploit
• Oct. 23, 2024 - U.S. CISA adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog
• Oct. 23, 2024 - CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

CVE-2024-37383

MEDIUM CVSS 6.10 EPSS Score 3.65 EPSS Percentile 91.91

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: June 7, 2024

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

Vendors Impacted: Roundcube, Debian

Products Impacted: Debian Linux, Webmail

Quotes

• When an extra space is added to the
• The email appeared to be a message without text, containing only an attached document
• An authorization form with the fields rcmloginuser and rcmloginpwd (the user's login and password for the Roundcube client) is added to the HTML page displayed to the user
• While Roundcube Webmail may not be the most widely used email client, it remains a target for hackers due to its prevalent use by government agencies. Attacks on this software can result in significant damage, allowing cybercriminals to steal sensitive information
• This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device

Headlines

• Oct. 25, 2024 - U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog
• Oct. 25, 2024 - CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities
• Oct. 22, 2024 - Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
• Oct. 21, 2024 - Hackers exploit Roundcube webmail flaw to steal email, credentials
• Oct. 21, 2024 - Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign
• Oct. 20, 2024 - Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

CVE-2024-20481

MEDIUM CVSS 5.80 EPSS Score 1.18 EPSS Percentile 85.48

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Oct. 23, 2024

A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.

Vendor Impacted: Cisco

Product Impacted: Adaptive Security Appliance (Asa) And Firepower Threat Defense (Ftd)

Quotes

• Aware of malicious use of the vulnerability that is described in this advisory
• Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service
• Has responded to a growing number of engagements in which adversaries have leveraged password-spraying campaigns to obtain valid usernames and passwords to facilitate initial access
• A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service
• This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device

Headlines

• Oct. 25, 2024 - Exploited: Cisco, SharePoint, Chrome vulnerabilities
• Oct. 25, 2024 - U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog
• Oct. 25, 2024 - CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities
• Oct. 24, 2024 - Cisco fixes bug under exploit in brute-force attacks
• Oct. 24, 2024 - Cisco fixes VPN DoS flaw discovered in password spray attacks
• Oct. 24, 2024 - Cisco fixed tens of vulnerabilities, including an actively exploited one
• Oct. 24, 2024 - Cisco ASA, FTD Software Under Active VPN Exploitation
• Oct. 24, 2024 - Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
• Oct. 24, 2024 - Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481)