April 24, Attacks Against Cisco Firewall Platforms
Cisco have recently released details of three vulnerabilities, two of which have been identified in active use within an ongoing exploitation campaign dubbed ArcaneDoor.
The three vulnerabilities vary in severity; however, it is important to note that the initial compromise vector associated with ArcaneDoor remains unknown.
| Cisco Security Advisory | CVE ID | Security Impact Rating | CVSS Base Score |
| --- | --- | --- | --- |
| Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability | CVE-2024-20353 | High | 8.6 |
| Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability | CVE-2024-20359 | High | 6.0 |
| Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability | CVE-2024-20358 | Medium | 6.0 |
Data from: https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
Cisco’s threat research group, Talos, have produced a technical write-up, which can be found here: https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
The NCSC have issued a statement and additional details that can be found here: https://www.ncsc.gov.uk/news/exploitation-vulnerabilities-affecting-cisco-firewall-platforms
Our dedicated security teams are continuing to monitor the situation and Daisy is undertaking all necessary actions to ensure our customers are safe, following guidance from official authorities, including Cisco and the NCSC.
If you suspect you have been affected by these vulnerabilities or need to discuss further advice, please contact our Service Desk team on 0330 024 3333 or raise a ticket via our Customer Portal.