更新時間:2024/04/30 15:33:13
發佈時間:2024/04/30 15:33:13
TLP:
(White)
得對外公開散布,但不得違反著作權法等相關規定
更新說明:
一、漏洞說明[1]
Cisco發布旗下Adaptive Security Appliance(ASA)及Firepower Threat Defense(FTD)軟體之管理及VPN網頁伺服器存在高風險漏洞,未經身分驗證的遠端攻擊者,可透過向受影響設備的網頁伺服器發送特製的HTTP請求以利用此漏洞,可能在裝置重新載入時導致服務阻斷(DoS)。
二、已揭露攻擊程式碼說明
1.CISA列入已遭利用漏洞清單[2],建議優先修補。
2.官方威脅情資團隊揭露已有駭客組織利用此漏洞進行攻擊,並提供攻擊方式以及相關IoC等資訊[3]。
三、F-ISAC彙整相關入侵威脅指標於附件。
▶ 參考資訊
⌵
| 網址 | 說明 |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2#fs | 1. Cisco |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog | 2. CISA |
| https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ | 3. TALOS |
▶ 影響平台
⌵
影響平台-系統:
請參考官方公告Affected Products一節,檢視單位內ASA及FTD軟體是否有開啟SSL或VPN等相關功能,或利用官方提供之檢查工具,檢視單位內使用之版本是否受漏洞影響。
▶ 建議措施
⌵
1. Cisco 已發佈修補程式,建議會員依照單位內既有漏洞管理機制,評估後執行相關作業。
2. 建議會員可透過單位內設備觀察是否曾有對這些(可疑)IP之連線紀錄,進行分析及風險評估(建議確認連線請求者是否為正常或合法的連線),並依照既有防護設備採取對應防護措施。
▶ 漏洞資訊
⌵
名稱:
CVE-2024-20353
描述:
使用版本:CVSS3.1
分析分數:8.6
參考來源:Cisco
▶ IoC資料欄位
⌵
| 類別 | 內容 |
|---|---|
| IPv4 | 192.36.57.181 |
| IPv4 | 185.167.60.85 |
| IPv4 | 185.227.111.17 |
| IPv4 | 176.31.18.153 |
| IPv4 | 172.105.90.154 |
| IPv4 | 185.244.210.120 |
| IPv4 | 45.86.163.224 |
| IPv4 | 172.105.94.93 |
| IPv4 | 213.156.138.77 |
| IPv4 | 89.44.198.189 |
| IPv4 | 45.77.52.253 |
| IPv4 | 103.114.200.230 |
| IPv4 | 212.193.2.48 |
| IPv4 | 51.15.145.37 |
| IPv4 | 89.44.198.196 |
| IPv4 | 131.196.252.148 |
| IPv4 | 213.156.138.78 |
| IPv4 | 121.227.168.69 |
| IPv4 | 213.156.138.68 |
| IPv4 | 194.4.49.6 |
| IPv4 | 185.244.210.65 |
| IPv4 | 216.238.75.155 |
| IPv4 | 5.183.95.95 |
| IPv4 | 45.63.119.131 |
| IPv4 | 45.76.118.87 |
| IPv4 | 45.77.54.14 |
| IPv4 | 45.86.163.244 |
| IPv4 | 45.128.134.189 |
| IPv4 | 89.44.198.16 |
| IPv4 | 96.44.159.46 |
| IPv4 | 103.20.222.218 |
| IPv4 | 103.27.132.69 |
| IPv4 | 103.51.140.101 |
| IPv4 | 103.119.3.230 |
| IPv4 | 103.125.218.198 |
| IPv4 | 104.156.232.22 |
| IPv4 | 107.148.19.88 |
| IPv4 | 107.172.16.208 |
| IPv4 | 107.173.140.111 |
| IPv4 | 121.37.174.139 |
| IPv4 | 139.162.135.12 |
| IPv4 | 149.28.166.244 |
| IPv4 | 152.70.83.47 |
| IPv4 | 154.22.235.13 |
| IPv4 | 154.22.235.17 |
| IPv4 | 154.39.142.47 |
| IPv4 | 172.233.245.241 |
| IPv4 | 185.123.101.250 |
| IPv4 | 192.210.137.35 |
| IPv4 | 194.32.78.183 |
| IPv4 | 205.234.232.196 |
| IPv4 | 207.148.74.250 |
| IPv4 | 216.155.157.136 |
| IPv4 | 216.238.66.251 |
| IPv4 | 216.238.71.49 |
| IPv4 | 216.238.72.201 |
| IPv4 | 216.238.74.95 |
| IPv4 | 216.238.81.149 |
| IPv4 | 216.238.85.220 |
| IPv4 | 216.238.86.24 |
情資編號:
FISAC-200-202404-0002
系統目錄:
資安漏洞
資安類別:
漏洞公告 /
影響等級:
3
關鍵字:
弱點漏洞、惡意IP