"Cisco Raises Alarm for ArcaneDoor Zero-Days Hitting ASA Firewall Platforms"

Cisco recently warned that nation-state-backed hacking teams are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. According to Cisco Talos, the attackers are targeting software defects in certain devices running Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) products to implant malware, execute commands, and potentially exfiltrate data from compromised devices. The campaign, tagged as ArcaneDoor, uses exploits for two documented software bugs (CVE-2024-20353 and CVE-2024-20359) in the Cisco products, but the company’s malware hunters still aren’t sure how the attackers broke in. Cisco Talos said that the initial access vector used in this campaign had not been determined, nor had evidence of pre-authentication exploitation been identified.

 

SecurityWeek reports: "Cisco Raises Alarm for ArcaneDoor Zero-Days Hitting ASA Firewall Platforms"

Submitted by Adam Ekwall on