CISA Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices - DataBreaches.Net
Briefly

"CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA). The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade. This activity presents a significant risk to victim networks. Cisco assesses that this campaign is connected to the ArcaneDoor activity"
"These zero-day vulnerabilities in the Cisco ASA platform are also present in specific versions of Cisco Firepower. Firepower appliances' Secure Boot would detect the identified manipulation of the ROM. CISA has assessed that the following CVEs pose an unacceptable risk to federal information systems: CISA mandates that these vulnerabilities be addressed immediately through the actions outlined in this Directive. CISA is directing agencies to account for all Cisco ASA and Firepower devices, collect forensics and assess compromise via CISA-provided procedures and tools,"
CISA reports an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA) using zero-day vulnerabilities to achieve unauthenticated remote code execution and to manipulate read-only memory (ROM) for persistence through reboot and system upgrade. Cisco links the campaign to ArcaneDoor activity observed in early 2024 and reports that the actor demonstrated the ability to modify ASA ROM in 2024. The same vulnerabilities affect specific Cisco Firepower versions, although Firepower Secure Boot would detect ROM manipulation. CISA designates the identified CVEs as an unacceptable risk to federal systems and directs immediate inventory, forensics collection, compromise assessment, disconnection of end-of-support devices, and upgrades.
Read at DataBreaches.Net