CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories regarding two vulnerabilities that pose substantial risks to organizations: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), and CVE-2024-37383, a cross-site scripting (XSS) vulnerability in Roundcube Webmail. Both vulnerabilities highlight the necessity for immediate action to safeguard against potential exploitation.

The relevant CVE IDs for these vulnerabilities are CVE-2024-37383 and CVE-2024-20481. The first vulnerability, CVE-2024-37383, affects Roundcube Webmail versions prior to 1.5.7 and 1.6.x before 1.6.7, while CVE-2024-20481 impacts Cisco products running a vulnerable release of Cisco ASA or FTD Software with the RAVPN service enabled. 

Patches are available for both vulnerabilities, and public exploits have been noted for CVE-2024-37383. Links to the respective patches for Roundcube Webmail and Cisco ASA or FTD Software are provided for reference.

New Vulnerability Details: CVE-2024-37383 and CVE-2024-20481

CVE-2024-20481 is a critical denial-of-service vulnerability found in Cisco ASA and FTD devices. The flaw allows an unauthenticated attacker to exploit the affected systems through a crafted HTTP request, which can lead to a system crash and a complete service outage.

This vulnerability has been assigned a CVSSv3.1 score of 9.8, categorizing it as critical. A successful exploit has severe, wide-ranging consequences: it can disrupt operations and compromise the availability of critical network security devices. Cisco ASA and FTD devices are essential for maintaining secure network infrastructures, making this vulnerability particularly concerning for organizations that rely on these systems for their security posture.

The second vulnerability highlighted by CISA is CVE-2024-37383, a cross-site scripting (XSS) vulnerability found in Roundcube Webmail. This vulnerability allows attackers and APT groups to inject malicious scripts into web pages viewed by users, potentially leading to data theft, session hijacking, or other malicious activities.

CVE-2024-37383 has been rated with a CVSSv3.1 score of 6.5, indicating a medium severity level. However, the potential consequences of a successful XSS attack can be significant, especially in webmail applications where users may unwittingly expose sensitive information.

Recommendations and Mitigation Strategies

To address the risks posed by CVE-2024-37383 and CVE-2024-20481, organizations are advised to take the following actions:

Organizations should promptly apply updates and patches released for Roundcube to close this vulnerability and prevent potential exploitation.

Implementing strict input validation and sanitization practices can help mitigate the risks associated with XSS vulnerabilities. This involves ensuring that all user input is properly escaped and validated before being rendered on a web page.

Educating users about the risks of clicking on suspicious links or opening unexpected emails can reduce the likelihood of falling victim to XSS attacks.

Deploying WAFs can provide an additional layer of security by filtering and monitoring HTTP traffic to and from web applications, blocking malicious requests before they reach the application.
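The escaping and sanitization recommendation above, shown as an added Python example (not code from the original post, from Roundcube or from Cisco). It contrasts a vulnerable rendering of an untrusted plain-text field with an escaped one, and then reduces an HTML message body to an allowlist of tags and attributes, since an HTML body cannot simply be escaped. The sample subject and body strings are constructed for illustration, and the tag and attribute allowlists are assumptions a real deployment would tune.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: an attacker-controlled value as it might arrive in a
# message header such as a display name or subject (illustrative only).
UNTRUSTED_SUBJECT = '<img src=x onerror="alert(document.cookie)">Invoice'


def render_vulnerable(subject: str) -> str:
    """Anti-pattern: untrusted text concatenated straight into HTML."""
    return f"<td class='subject'>{subject}</td>"


def render_escaped(subject: str) -> str:
    """Plain-text fields: escape every value at the point it is rendered."""
    return f"<td class='subject'>{html.escape(subject, quote=True)}</td>"


# HTML message bodies cannot simply be escaped (the markup is the content),
# so they are reduced to an allowlist of harmless tags and attributes.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}           # no on* handlers, no style, no src
SAFE_HREF = re.compile(r"^(https?:|mailto:)", re.IGNORECASE)
RAW_TEXT_TAGS = {"script", "style"}       # their contents are dropped wholesale


class AllowlistSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._skipping = False

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._skipping = True
            return
        if tag not in ALLOWED_TAGS:
            return                        # element dropped, its text is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not SAFE_HREF.match(value.strip()):
                continue                  # rejects javascript:, data:, etc.
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self._skipping = False
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skipping:
            self.out.append(html.escape(data, quote=False))

    # Comments, doctype and processing instructions fall through to the
    # base-class no-ops and are therefore discarded.


def sanitize_html(fragment: str) -> str:
    """Return a copy of `fragment` containing only allowlisted markup."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(render_vulnerable(UNTRUSTED_SUBJECT))
    print(render_escaped(UNTRUSTED_SUBJECT))
    # Constructed sample body mixing harmless markup with hostile markup.
    body = ('<p onclick="x()">Hi <b>there</b> <a href="javascript:alert(1)">link</a> '
            '<a href="https://example.com">ok</a><script>alert(1)</script></p>')
    print(sanitize_html(body))
```

The allowlist approach is deliberately strict: anything not explicitly permitted (unknown elements, event-handler attributes, non-http(s)/mailto link targets, script and style content) is removed rather than "cleaned", which is the property a webmail renderer needs.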

Organizations should apply the latest Cisco patches as soon as possible. This is essential to protect against potential exploitation of the vulnerability.

Implementing better monitoring and logging practices can help detect unusual activities that may indicate an attempted exploitation of the vulnerability.

Proper segmentation of networks can minimize the risk of a successful attack impacting the entire network infrastructure.

Firewalls and access controls should be employed to protect critical assets.

Conclusion

CISA’s advisories regarding CVE-2024-20481 and CVE-2024-37383 highlight the critical nature of addressing cybersecurity vulnerabilities. Organizations that utilize Cisco ASA and FTD devices or Roundcube Webmail must take immediate action to mitigate the risks associated with these vulnerabilities.

Patches must be applied promptly to maintain the integrity and availability of online systems. Organizations must prioritize these actions to protect their networks and sensitive information from potential exploitation.

The post CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention appeared first on Cyble.