Passthrough – Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication

Given widespread use, WaterISAC is passing through the following alert which incorporates patches that address previously reported on zero day vulnerabilities regarding ArcaneDoor. Cisco released a bundled publication for security advisories that address vulnerabilities in Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Cisco has confirmed that all of the fixed software releases that are part of this bundle include the fix for the vulnerabilities that were involved in the ArcaneDoor attack campaign, described in CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359.

Utilities using the impacted Cisco products are encouraged to review and address accordingly. Likewise, utilities that outsource IT services are urged to share this information and ensure service providers are addressing accordingly.

Users and administrators are encouraged to review the following publication and apply necessary updates:

• Cisco Event Response: May 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication