Cisco: MSN

Critical Zero-Day Exploit in Progress: Cisco ASA and FTD Devices Under Active Attack

A severe zero-day vulnerability in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being actively exploited in the wild, with threat actors targeting unpatched systems to gain unauthorized access. The flaw, tracked as CVE-2024-20353 (CVSS score: 8.6), allows attackers to execute arbitrary code remotely by sending specially crafted packets to affected devices.

Key Details:

  • Who: Cisco confirmed the vulnerability, attributing exploitation attempts to an unidentified advanced persistent threat (APT) group. Security researchers at Cisco Talos and Rapid7 independently detected the attacks.
  • What: The flaw stems from improper input validation in the web services interface of ASA and FTD devices, enabling unauthenticated remote code execution (RCE) without user interaction.
  • When: Exploitation attempts were first observed in late March 2024, with Cisco releasing an advisory and patches on April 24, 2024. Attacks have intensified since the disclosure.
  • Where: Targets include enterprise networks, government agencies, and critical infrastructure sectors globally, with a concentration in North America and Europe.
  • Why: While Cisco has not disclosed specific motives, the sophistication of the attacks suggests espionage or pre-positioning for future disruptive operations.

Impact:
Successful exploitation grants attackers full control over vulnerable devices, potentially leading to lateral movement, data exfiltration, or network disruption. Cisco has urged organizations to apply patches immediately, as proof-of-concept (PoC) exploits are already circulating in underground forums. Unpatched systems remain at high risk, with over 10,000 exposed devices identified via public scans.

Cisco has released software updates (ASA 9.18.4.15 and FTD 7.2.5) to mitigate the flaw, alongside temporary workarounds, including disabling web services on affected interfaces. The incident underscores the growing threat of zero-day exploits targeting perimeter security devices.

Source: https://www.msn.com/en-us/news/us/class-action-lawsuit-filed-against-nike-over-data-breach/ar-AA1ZPdAB?uxmode=ruby

Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco

"id": "CIS1775493782",
"linkid": "cisco",
"type": "Vulnerability",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Enterprise networks, government '
                                              'agencies, critical '
                                              'infrastructure sectors',
                        'industry': 'Networking and Cybersecurity',
                        'location': 'Global (concentration in North America '
                                    'and Europe)',
                        'name': 'Cisco',
                        'type': 'Technology Vendor'}],
 'attack_vector': 'Remote Code Execution (RCE)',
 'data_breach': {'data_exfiltration': 'Potential'},
 'date_detected': '2024-03-01',
 'date_publicly_disclosed': '2024-04-24',
 'description': 'A severe zero-day vulnerability in Cisco’s Adaptive Security '
                'Appliance (ASA) and Firepower Threat Defense (FTD) software '
                'is being actively exploited in the wild, with threat actors '
                'targeting unpatched systems to gain unauthorized access. The '
                'flaw, tracked as CVE-2024-20353 (CVSS score: 8.6), allows '
                'attackers to execute arbitrary code remotely by sending '
                'specially crafted packets to affected devices.',
 'impact': {'data_compromised': 'Potential data exfiltration',
            'operational_impact': 'Network disruption, lateral movement',
            'systems_affected': 'Cisco ASA and FTD devices'},
 'investigation_status': 'Ongoing',
 'motivation': ['Espionage',
                'Pre-positioning for future disruptive operations'],
 'post_incident_analysis': {'corrective_actions': 'Software updates, input '
                                                  'validation improvements',
                            'root_causes': 'Improper input validation in the '
                                           'web services interface of ASA and '
                                           'FTD devices'},
 'recommendations': 'Apply patches immediately, disable web services on '
                    'affected interfaces if patches cannot be applied',
 'references': [{'source': 'Cisco Advisory'},
                {'source': 'Cisco Talos'},
                {'source': 'Rapid7'}],
 'response': {'communication_strategy': 'Public advisory and patch release',
              'containment_measures': 'Patches released (ASA 9.18.4.15 and FTD '
                                      '7.2.5), disabling web services on '
                                      'affected interfaces',
              'remediation_measures': 'Software updates, temporary workarounds',
              'third_party_assistance': 'Cisco Talos, Rapid7'},
 'stakeholder_advisories': 'Cisco has urged organizations to apply patches '
                           'immediately due to circulating PoC exploits.',
 'threat_actor': 'Unidentified Advanced Persistent Threat (APT) group',
 'title': 'Critical Zero-Day Exploit in Progress: Cisco ASA and FTD Devices '
          'Under Active Attack',
 'type': 'Zero-Day Exploit',
 'vulnerability_exploited': 'CVE-2024-20353'}