CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities

CVE-2024-20481 & CVE-2024-37383

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two actively exploited vulnerabilities affecting Cisco networking devices and the popular Roundcube webmail software. These flaws pose significant risks to organizations and individuals, potentially leading to denial-of-service conditions and the theft of sensitive information.

Cisco VPN Vulnerability Under Attack

The first vulnerability, tracked as CVE-2024-20481, resides in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. This flaw allows unauthenticated, remote attackers to overwhelm the RAVPN service with a flood of authentication requests, ultimately causing a denial-of-service (DoS) condition. Cisco has confirmed active exploitation of this vulnerability and urges users to update their devices immediately.

Roundcube Webmail Users Targeted in Phishing Campaign

The second vulnerability, CVE-2024-37383, affects the open-source Roundcube webmail software. This flaw allows attackers to inject malicious JavaScript code into emails, potentially compromising user credentials and other sensitive data. Positive Technologies, a Russian cybersecurity firm, recently discovered a phishing campaign targeting a governmental organization in a CIS country that leveraged this vulnerability.

Urgent Action Required

CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, mandating that Federal Civilian Executive Branch (FCEB) agencies patch their systems by November 14, 2024. However, all organizations and individuals using affected Cisco and Roundcube products are strongly encouraged to apply the available updates as soon as possible.
