Executive Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog to include two new vulnerabilities that are actively being exploited.
One of them is an old high-severity vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The other one is a critical vulnerability in Microsoft Exchange. Please see more information about these vulnerabilities below.
Certainly, it is important for organizations to promptly patch these vulnerabilities.
Cisco Vulnerability: CVE-2020-3259
CVE-2020-3259 is a high-severity vulnerability in the web services interface of Cisco ASA Software and Cisco FTD Software.
This flaw, which has a CVSS score of 7.5, is an old issue that Cisco fixed back in 2020. It could allow an unauthenticated, remote attacker to retrieve memory contents from an affected device, potentially leading to the disclosure of confidential information. The issue arises from a buffer tracking problem encountered when the software processes invalid URLs requested through the web services interface.
To exploit this vulnerability, an attacker would need to send a specifically crafted GET request to the web services interface. It is important to note that this vulnerability is exploitable without any privileges or user interaction with low complexity.
Successful exploitation could result in the attacker obtaining sensitive information from the device’s memory. It’s important to note that this vulnerability specifically impacts certain configurations of AnyConnect and WebVPN.
Furthermore, the Truesec team found evidence in late January suggesting that the Akira Ransomware group may be exploiting this flaw.
To resolve this issue, Cisco recommends updating the affected software to the latest available version. Please refer to Cisco’s security advisory for more detailed information.
Microsoft Vulnerability: CVE-2024-21410
This vulnerability in Exchange Server, is a critical privilege escalation issue with a CVSS score of 9.8.
An attacker could exploit this flaw by relaying a user’s leaked Net-NTLMv2 hash to authenticate on a vulnerable Exchange Server. Eventually, its exploitation could lead to unauthorized access and control over the server.
Microsoft addressed it in its latest Patch Tuesday updates. Later, the company has acknowledged in its security bulletin that the critical flaw is actively being exploited.
Moreover, this is the third publicly exploited vulnerability Microsoft addressed in its February 2024 Patch Tuesday, following two zero-day vulnerabilities. You can visit our recent news article for more information on Microsoft’s February 2024 Patch Tuesday updates.
- Application Security Scanning Evolves with Strategic Integrations
- Russian Cyberstrike: Ukrainian Telecom Faces Devastation and Espionage
- Medical Center Fined $4.75 Million Due to HIPAA Violations
- NSA’s Zero Trust Guidance for Securing Networks
- Roku Security Breach: 576,000 Accounts Impacted
- [CVSS 9+] Critical Vulnerabilities Expose AI Models to Attacks