CVERadar

CVE-2024-20353

Critical Severity
Cisco
SVRS: 80/100
CVSSv3: 8.6/10
EPSS: 0.01231/1

CVE-2024-20353 is a denial-of-service vulnerability in the management and VPN web servers of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software. It allows a remote, unauthenticated attacker to trigger an unexpected device reload, leading to a denial-of-service (DoS) condition. The cause is incomplete error checking when parsing an HTTP header: a crafted HTTP request sent to an affected web server triggers the reload, which disrupts network services. With an SVRS of 80, CVE-2024-20353 represents a critical vulnerability requiring immediate attention and patching. It is actively exploited in the wild and exploits are available, so organizations face significant risk.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
2024-04-24

2025-01-27

Indicators of Compromise


Exploits

Title | Software Link | Date
Spl0stus/CVE-2024-20353-CiscoASAandFTD | https://github.com/Spl0stus/CVE-2024-20353-CiscoASAandFTD | 2024-05-03
Cisco ASA and FTD Denial of Service Vulnerability | https://www.cisa.gov/search?g=CVE-2024-20353 | 2024-04-24
codeb0ss/CVE-2024-20353-PoC | https://github.com/codeb0ss/CVE-2024-20353-PoC | 2024-07-13

News

Multiple vulnerabilities in Cisco products (25 April 2024)
2025-04-01
On 24 April 2024, Cisco published three security advisories concerning vulnerabilities affecting ASA and FTD security appliances. Two of them concern the vulnerabilities CVE-2024-20353 and CVE-2024-20359, which are being actively exploited in targeted attacks. The vulnerability...
ssi.gouv.fr
CVE-2024-20353 | Cisco ASA/Firepower Threat Defense Web Server infinite loop (cisco-sa-asaftd-websrvs-dos-X8gNucD2)
vuldb.com, 2025-01-28
A vulnerability classified as critical was found in Cisco ASA and Firepower Threat Defense. Affected by this vulnerability is an unknown functionality of the component Web Server. The manipulation leads to infinite loop. This vulnerability is known as CVE-2024-20353. The attack can be launched remotely
ArcaneDoor Unlocked: Tackling State-Sponsored Cyber Espionage in Network Perimeters - Qualys Blog
2024-04-24
Cisco recently uncovered a sophisticated cyber espionage campaign, ArcaneDoor, targeting perimeter network devices used by government and critical infrastructure sectors. This campaign involves state-sponsored actors exploiting two zero-day vulnerabilities (CVE-2024-20353 and CVE-2024-20359) aimed primarily at espionage through intricate malware known as Line Runner and Line Dancer. ArcaneDoor manipulates perimeter network devices, such as Cisco Adaptive Security Appliances (ASA), to reroute or monitor network traffic, providing a strategic vantage point for espionage. The investigation, spurred by vigilant customer reports early in
google.com
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks - Security Affairs
2024-04-24
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. Cisco Talos researchers tracked
google.com
Cisco's ASA vertical suffers state-backed hacking attempt - MediaNama.com
2024-04-26
Cisco’s Adaptive Security Appliances (ASA), security devices meant to protect corporate networks and data centres through features like firewalls and VPNs, were compromised in a state-sponsored hacker attack that targeted government officials globally. A press release by three government agencies, Canadian Centre for Cyber Security (Cyber Centre), Australian Signals Directorate’s Australian Cyber Security Centre and The UK’s National Cyber Security Centre (NCSC), states that the agencies were investigating a “well-resourced and sophisticated state-sponsored actor” targeting VPN services used by governments globally. The
google.com
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage - The Hacker News
2024-04-25
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "UAT4356 deployed two backdoors as components of this campaign, 'Line Runner' and 'Line Dancer,' which were used collectively to conduct malicious actions on-target, which included configuration modification
google.com
Cisco warns of backdoor admin account in Smart Licensing Utility - BleepingComputer
2024-09-04
By Sergiu Gatlan, 12:58 PM. Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. CSLU is a Windows application that helps manage licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution. The company says this critical vulnerability (CVE-2024-20439) allows unauthenticated attackers to log into unpatched systems remotely using an "undocumented static user credential for an administrative account." "A successful
google.com

Social Media

@wayneyeung @AskPerplexity The ArcaneDoor campaign, uncovered in April 2024, is a state-sponsored cyber espionage effort targeting Cisco Adaptive Security Appliances. It exploits two zero-day vulnerabilities, CVE-2024-20353 and CVE-2024-20359, to deploy backdoors called Line Runner and Line Dancer. These
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor https://t.co/tESrlTiW1E https://t.co/MjV3ehUFSs
Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-20353
Actively exploited CVE ID, source in the thread CVE-2024-20353
CVE-2024-20353
Threat Intelligence and Product Vulnerability Attack Trends - Date: 2024-05-27 Threats on Products and CVEs 🚨 New CVEs CVE-2024-20353 & CVE-2024-20359 exploited in Cisco ASA devices! Stay updated: https://t.co/rG73D6Mj4Y
🚨 CVE-2024-20353 and CVE-2024-20359: Flaws in Cisco ASA and FTD allow denial of service and privilege escalation, exploited by malicious actors (CISA). #CyberSecurity #Cisco #Infosec
Active CVEs: CVE-2022-27518, CVE-2024-21338, CVE-2024-4323, CVE-2024-3400, CVE-2024-24576, CVE-2023-46805, CVE-2024-20358, CVE-2022-38028, CVE-2023-1389, CVE-2022-21587, CVE-2024-21887, CVE-2024-21412, CVE-2024-20353,
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor https://t.co/P5MEYAih85 https://t.co/OHbDoWoJDZ
Active CVEs: CVE-2024-21412, CVE-2021-44228, CVE-2024-3094, CVE-2024-3400, CVE-2024-5678, CVE-2023-46805, CVE-2024-20358, CVE-2022-38028, CVE-2023-1389, CVE-2022-21587, CVE-2024-21887, CVE-2024-20353, CVE-2023-36396,

Affected Software

Configuration 1
Type | Vendor | Product
OS | Cisco | adaptive_security_appliance_software

Configuration 2
Type | Vendor | Product
App | Cisco | firepower_threat_defense

References

Reference | Link
[email protected] | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
AF854A3A-2127-422B-91AE-364DA2661108 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2

CWE Details

CWE ID | CWE Name | Description
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
