CISA Warns of Cisco ASA & Roundcube Vulnerabilities Exploited in Wild


The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

These vulnerabilities in widely used technologies are actively exploited by malicious actors, posing significant risks to federal and private enterprises.

CVE-2024-20481: Cisco ASA and FTD Denial-of-Service Vulnerability

The first vulnerability, CVE-2024-20481, affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD).

This flaw allows an attacker to trigger a denial-of-service (DoS) condition, potentially disrupting critical security functions and leaving the networks behind these devices exposed.

Cisco ASA and FTD are integral components of many organizations’ security infrastructure, which makes this vulnerability particularly concerning.

CVE-2024-37383: Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

The second vulnerability, CVE-2024-37383, affects Roundcube Webmail, a popular open-source webmail client.

This cross-site scripting (XSS) vulnerability could enable attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access to sensitive information.

Given the widespread use of Roundcube in managing email communications, this flaw presents a significant risk to data integrity and privacy.

These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog under Binding Operational Directive (BOD) 22-01.

This directive mandates that Federal Civilian Executive Branch (FCEB) agencies address identified vulnerabilities by specified deadlines to safeguard their networks from active threats.

While BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to prioritize remediating these vulnerabilities as part of their cybersecurity practices.
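The practical follow-up to a KEV addition is checking whether the CVEs in question apply to your estate and how long BOD 22-01 leaves to remediate them. The script below is an added illustration, not CISA's tooling: it parses a catalog in the shape of CISA's KEV JSON feed and reports, for a list of CVE IDs, whether each is listed, its due date, and whether it is overdue. The catalog content is a constructed sample (field names follow the public feed's schema; the dates and the third entry are placeholders, not real catalog values).

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names match the
# public feed's schema; the dates and the third entry are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-20481", "vendorProject": "Cisco",
         "product": "ASA and FTD", "dateAdded": "2024-10-24",
         "dueDate": "2024-11-14", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-37383", "vendorProject": "Roundcube",
         "product": "Webmail", "dateAdded": "2024-10-24",
         "dueDate": "2024-11-14", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dateAdded": "2024-01-01",
         "dueDate": "2024-01-22", "knownRansomwareCampaignUse": "Known"},
    ],
})

def load_kev(raw_json):
    """Index a KEV-format catalog by CVE ID."""
    catalog = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}

def triage(raw_json, cve_ids, today):
    """Build a remediation report for the CVEs of interest, ordered so that
    listed entries come first, overdue and soonest-due items at the top."""
    index = load_kev(raw_json)
    report = []
    for cve in cve_ids:
        entry = index.get(cve)
        if entry is None:
            report.append({"cveID": cve, "in_kev": False})
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        report.append({
            "cveID": cve, "in_kev": True,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"], "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    report.sort(key=lambda r: (not r["in_kev"], r.get("days_left", 10**9)))
    return report

if __name__ == "__main__":
    wanted = ["CVE-2024-20481", "CVE-2024-37383", "CVE-0000-00000", "CVE-9999-99999"]
    for row in triage(SAMPLE_KEV_JSON, wanted, date(2024, 11, 1)):
        print(row)
```

Against the live feed, replace `SAMPLE_KEV_JSON` with the downloaded catalog text and `today` with `date.today()`.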

CISA emphasizes the importance of timely updates and patches to mitigate the risks associated with these vulnerabilities.

The agency will continue updating the catalog as new threats emerge, urging organizations to remain vigilant and proactive in their cybersecurity efforts.
