Cisco ASA and FTD Information Disclosure Vulnerability - 20240216001
Overview
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. This advisory follows CISA's recent escalation of the vulnerability to its Known Exploited Vulnerabilities catalog.
What is vulnerable?
Product(s) Affected | CVE | Severity | CVSS |
---|---|---|---|
Known affected software configurations:<br>- From (including) 6.2.3 Up to (excluding) 6.2.3.16<br>- From (including) 6.3.0 Up to (excluding) 6.3.0.6<br>- From (including) 6.4.0 Up to (excluding) 6.4.0.9<br>- From (including) 6.5.0 Up to (excluding) 6.5.0.5<br>- From (including) 9.8 Up to (excluding) 9.8.4.20<br>- From (including) 9.9 Up to (excluding) 9.9.2.67<br>- From (including) 9.10 Up to (excluding) 9.10.1.40<br>- From (including) 9.12 Up to (excluding) 9.12.3.9<br>- From (including) 9.13 Up to (excluding) 9.13.1.10 | CVE-2020-3259 | High | 7.5 |
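The affected ranges in the table above can be checked against a device inventory; the following Python is an added example, not part of the original advisory or any vendor tooling. It assumes versions are dotted numerics or the device-style `9.8(4)20` form, and the hostnames and inventory are constructed for illustration.

```python
import re

# Affected ranges from the advisory table: (from, including) -> (up to, excluding).
AFFECTED = [
    ("6.2.3", "6.2.3.16"), ("6.3.0", "6.3.0.6"), ("6.4.0", "6.4.0.9"),
    ("6.5.0", "6.5.0.5"), ("9.8", "9.8.4.20"), ("9.9", "9.9.2.67"),
    ("9.10", "9.10.1.40"), ("9.12", "9.12.3.9"), ("9.13", "9.13.1.10"),
]

def parse(version):
    """Turn '9.8.4.20' or the device-style '9.8(4)20' into a tuple of ints."""
    parts = [p for p in re.split(r"[.()]", version.strip()) if p]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)

def _pad(parts, width):
    # Pad with zeros so '9.8' compares as 9.8.0.0 against four-part bounds.
    return parts + (0,) * (width - len(parts))

def fixed_in(version):
    """Return the excluded upper bound of the matching range, or None.

    None only means the version is outside the ranges listed in the table.
    """
    v = parse(version)
    for start, end in AFFECTED:
        lo, hi = parse(start), parse(end)
        width = max(len(v), len(lo), len(hi))
        # Numeric comparison: 9.8.4.3 sorts before 9.8.4.20 (string order would not).
        if _pad(lo, width) <= _pad(v, width) < _pad(hi, width):
            return end
    return None

def triage(inventory):
    """Map hostname -> first unaffected release for hosts in a listed range."""
    return {h: f for h, v in inventory.items() if (f := fixed_in(v))}

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "edge-asa-01": "9.8(4)3",
    "edge-asa-02": "9.12(3)9",
    "dc-ftd-01": "6.4.0.8",
    "dc-ftd-02": "6.5.0.5",
}

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: in affected range, upgrade to {fix} or later")
```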
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. (refer Patch Management):