{"vulnerability": "cve-2024-2042", "sightings": [{"uuid": "788550fc-5543-451e-872f-bc0a93b4e1bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20426", "type": "seen", "source": "https://t.me/cvedetector/8755", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20426 - Cisco ASA and FTD IKEv2 Insufficient Input Validation DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20426 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.  \n  \n This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:12.000000Z"}, {"uuid": "c5833273-e660-4131-a234-af89de853ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20424", "type": "exploited", "source": "https://t.me/ics_cert/941", "content": "\u0633\u06cc\u0633\u06a9\u0648 \u0628\u0631\u0627\u06cc \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u062a\u0637\u0628\u06cc\u0642\u06cc \u200b\u200b(ASA)\u060c \u0645\u0631\u06a9\u0632 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0627\u0645\u0646 (FMC) \u0648 Firepower Threat Defense (FTD) \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u0637\u0628\u06cc\u0639\u062a \u0642\u0627\u0628\u0644 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0633\u062a.\n\nCVE-2024-20481 \u0628\u0627 CVSS 5.8 \u0633\u0631\u0648\u06cc\u0633 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 VPN (RAVPN) ASA \u0648 FTD \u0631\u0627 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u0648 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0648 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0641\u0631\u0633\u0648\u062f\u06af\u06cc \u0645\u0646\u0627\u0628\u0639 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u062a\u0639\u062f\u0627\u062f \u0632\u06cc\u0627\u062f\u06cc \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a VPN\u060c \u0634\u0631\u0627\u06cc\u0637 DoS \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u0646\u062f.\n\n\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0631\u062f\u060c \u062a\u0646\u0647\u0627 \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0646\u0633\u062e\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 ASA \u06cc\u0627 FTD \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0647 \u0633\u0631\u0648\u06cc\u0633 RAVPN \u0631\u0648\u06cc \u0622\u0646\u200c\u0647\u0627 \u0641\u0639\u0627\u0644 \u0627\u0633\u062a\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0647\u0633\u062a\u0646\u062f.\n\n\u0633\u06cc\u0633\u06a9\u0648 \u0645\u06cc\u200c\u06af\u0648\u06cc\u062f \u062d\u0645\u0644\u0627\u062a \u0645\u0634\u0627\u0647\u062f\u0647\u200c\u0634\u062f\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u06cc\u06a9 \u06a9\u0645\u067e\u06cc\u0646 \u062f\u0631 \u0645\u0642\u06cc\u0627\u0633 \u0628\u0632\u0631\u06af \u0628\u0627 \u0646\u06cc\u0631\u0648\u06cc brute-force \u0627\u0633\u062a \u06a9\u0647 \u0686\u0646\u062f\u06cc\u0646 \u0633\u0631\u0648\u06cc\u0633 VPN \u0648 SSH \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f\u060c \u06a9\u0647 \u062f\u0631 \u0622\u0648\u0631\u06cc\u0644 2024 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0631\u062f. \u0622\u0646\u0647\u0627 \u0646\u0647 \u062a\u0646\u0647\u0627 \u0633\u06cc\u0633\u06a9\u0648\u060c \u0628\u0644\u06a9\u0647 \u0645\u062d\u0635\u0648\u0644\u0627\u062a\u06cc \u0627\u0632 Checkpoint\u060c Fortinet\u060c SonicWall\u060c MikroTik\u060c Draytek \u0648 Ubiquiti \u0631\u0627 \u0646\u06cc\u0632 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0634\u0634 \u0645\u0627\u0647\u0647 \u0647\u0645\u0686\u0646\u06cc\u0646 50 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u06cc\u06af\u0631\u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u0633\u0647 \u0645\u0648\u0636\u0648\u0639 \u062d\u06cc\u0627\u062a\u06cc \u0631\u0627 \u0634\u0631\u062d \u0645\u06cc \u062f\u0647\u062f. \u0647\u06cc\u0686 \u0645\u062f\u0631\u06a9\u06cc \u062f\u0627\u0644 \u0628\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0647\u06cc\u0686 \u06cc\u06a9 \u0627\u0632 \u0622\u0646\u0647\u0627 \u062f\u0631 \u062d\u0645\u0644\u0627\u062a \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f.\n\n\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u06cc\u06a9 PoC \u0628\u0631\u0627\u06cc CVE-2024-20377\u060c CVE-2024-20387\u060c \u0648 CVE-2024-20388\u060c \u0633\u0647 \u0628\u0627\u06af \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062f\u0631 FMC\u060c \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a.\n\n\u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u06af \u0645\u0647\u0645 \u062f\u0631 ASA\u060c CVE-2024-20329 (CVSS 9.9)\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u062f\u0647 \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0631\u0627 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 SSH \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f.\n\nCVE-2024-20424 (CVSS 9.9) \u062f\u0631 FMC \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u062f\u0647 \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc HTTP \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0627\u06cc \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 \u062f\u0631\u0633\u062a\u06cc \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0632\u06cc\u0631\u06cc\u0646 \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627 \u062a\u0623\u06cc\u06cc\u062f \u0646\u0634\u062f\u0647 \u0627\u0646\u062f.\n\n\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc FTD \u0631\u0648\u06cc \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0647\u0627\u06cc \u0633\u0631\u06cc Cisco Firepower 1000\u060c 2100\u060c 3100 \u0648 4200 \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f \u0648 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 CVE-2024-20412 (CVSS 9.3) \u0631\u062f\u06cc\u0627\u0628\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n\u0627\u06cc\u0646 \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u062d\u0644\u06cc \u0648 \u062a\u0627\u06cc\u06cc\u062f \u0646\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u0627\u06cc\u0633\u062a\u0627 \u0648\u0627\u0631\u062f \u0631\u0627\u0628\u0637 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 \u06cc\u06a9 \u062f\u0633\u062a\u06af\u0627\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0634\u0648\u062f.\n\n\u0633\u06cc\u0633\u06a9\u0648 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc 10 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u062f\u0631 FTD \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u06a9\u0647 \u0628\u06cc\u0634 \u0627\u0632 \u0646\u06cc\u0645\u06cc \u0627\u0632 \u0622\u0646 \u0647\u0627 ASA \u0631\u0627 \u0646\u06cc\u0632 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0646\u062f. \u06cc\u06a9\u06cc \u062f\u06cc\u06af\u0631 \u0627\u0632 \u0646\u0642\u0635\u200c\u0647\u0627\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u062f\u0631 \u0627\u0628\u0632\u0627\u0631 \u0645\u062c\u0627\u0632\u06cc \u0627\u0645\u0646\u06cc\u062a \u062a\u0637\u0628\u06cc\u0642\u06cc \u200b\u200b(ASAv) \u0648 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0627\u0645\u0646\u060c \u062f\u0641\u0627\u0639 \u0645\u062c\u0627\u0632\u06cc (FTDv) \u0628\u0631\u0631\u0633\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u0628\u0647 \u0627\u0633\u062a\u062b\u0646\u0627\u06cc \u06cc\u06a9 \u0627\u0634\u06a9\u0627\u0644 \u062f\u0631 \u0633\u0631\u0648\u0631 \u0648\u0628 VPN ASA \u0648 FTD \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u0634\u0648\u062f\u060c \u0645\u0633\u0627\u0626\u0644 \u062c\u062f\u06cc \u0628\u0627\u0642\u06cc \u0645\u0627\u0646\u062f\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u0634\u0631\u0627\u06cc\u0637 DoS \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u0646\u062f.\n\n\u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0633\u06cc\u0633\u06a9\u0648 \u062a\u0634\u0648\u06cc\u0642 \u0645\u06cc \u0634\u0648\u0646\u062f \u062a\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0627\u0635\u0644\u0627\u062d\u0627\u062a \u0631\u0627 \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u0646\u062f. \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u06cc\u0627\u0641\u062a.\n\n\ud83c\udfaf \u062f\u0631 \u062c\u0631\u06cc\u0627\u0646 \u0646\u0628\u0636 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0635\u0646\u0639\u062a\u06cc \u0628\u0627\u0634\u06cc\u062f:\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-10-31T18:51:56.000000Z"}, {"uuid": "9cc5995e-9be0-4c74-9d4f-24e94bf2147a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20424", "type": "seen", "source": "https://t.me/ics_cert/943", "content": "\u0633\u06cc\u0633\u06a9\u0648 \u0628\u0631\u0627\u06cc \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u062a\u0637\u0628\u06cc\u0642\u06cc \u200b\u200b(ASA)\u060c \u0645\u0631\u06a9\u0632 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0627\u0645\u0646 (FMC) \u0648 Firepower Threat Defense (FTD) \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u067e\u0644\u0646\u062a \u0647\u0627 \u0642\u0627\u0628\u0644 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0633\u062a.\n\nCVE-2024-20481 \u0628\u0627 CVSS 5.8 \u0633\u0631\u0648\u06cc\u0633 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 VPN (RAVPN) ASA \u0648 FTD \u0631\u0627 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u0648 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0648 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0641\u0631\u0633\u0648\u062f\u06af\u06cc \u0645\u0646\u0627\u0628\u0639 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u062a\u0639\u062f\u0627\u062f \u0632\u06cc\u0627\u062f\u06cc \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a VPN\u060c \u0634\u0631\u0627\u06cc\u0637 DoS \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u0646\u062f.\n\n\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0631\u062f\u060c \u062a\u0646\u0647\u0627 \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0646\u0633\u062e\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 ASA \u06cc\u0627 FTD \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0647 \u0633\u0631\u0648\u06cc\u0633 RAVPN \u0631\u0648\u06cc \u0622\u0646\u200c\u0647\u0627 \u0641\u0639\u0627\u0644 \u0627\u0633\u062a\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0647\u0633\u062a\u0646\u062f.\n\n\u0633\u06cc\u0633\u06a9\u0648 \u0645\u06cc\u200c\u06af\u0648\u06cc\u062f \u062d\u0645\u0644\u0627\u062a \u0645\u0634\u0627\u0647\u062f\u0647\u200c\u0634\u062f\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u06cc\u06a9 \u06a9\u0645\u067e\u06cc\u0646 \u062f\u0631 \u0645\u0642\u06cc\u0627\u0633 \u0628\u0632\u0631\u06af \u0628\u0627 \u0646\u06cc\u0631\u0648\u06cc brute-force \u0627\u0633\u062a \u06a9\u0647 \u0686\u0646\u062f\u06cc\u0646 \u0633\u0631\u0648\u06cc\u0633 VPN \u0648 SSH \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f\u060c \u06a9\u0647 \u062f\u0631 \u0622\u0648\u0631\u06cc\u0644 2024 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0631\u062f. \u0622\u0646\u0647\u0627 \u0646\u0647 \u062a\u0646\u0647\u0627 \u0633\u06cc\u0633\u06a9\u0648\u060c \u0628\u0644\u06a9\u0647 \u0645\u062d\u0635\u0648\u0644\u0627\u062a\u06cc \u0627\u0632 Checkpoint\u060c Fortinet\u060c SonicWall\u060c MikroTik\u060c Draytek \u0648 Ubiquiti \u0631\u0627 \u0646\u06cc\u0632 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u0646\u062f.\n\n\u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0634\u0634 \u0645\u0627\u0647\u0647 \u0647\u0645\u0686\u0646\u06cc\u0646 50 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u06cc\u06af\u0631\u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u0633\u0647 \u0645\u0648\u0636\u0648\u0639 \u062d\u06cc\u0627\u062a\u06cc \u0631\u0627 \u0634\u0631\u062d \u0645\u06cc \u062f\u0647\u062f. \u0647\u06cc\u0686 \u0645\u062f\u0631\u06a9\u06cc \u062f\u0627\u0644 \u0628\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0647\u06cc\u0686 \u06cc\u06a9 \u0627\u0632 \u0622\u0646\u0647\u0627 \u062f\u0631 \u062d\u0645\u0644\u0627\u062a \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f.\n\n\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u06cc\u06a9 PoC \u0628\u0631\u0627\u06cc CVE-2024-20377\u060c CVE-2024-20387\u060c \u0648 CVE-2024-20388\u060c \u0633\u0647 \u0628\u0627\u06af \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062f\u0631 FMC\u060c \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a.\n\n\u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u06af \u0645\u0647\u0645 \u062f\u0631 ASA\u060c CVE-2024-20329 (CVSS 9.9)\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u062f\u0647 \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0631\u0627 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 SSH \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f.\n\nCVE-2024-20424 (CVSS 9.9) \u062f\u0631 FMC \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u062f\u0647 \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc HTTP \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0627\u06cc \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 \u062f\u0631\u0633\u062a\u06cc \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0632\u06cc\u0631\u06cc\u0646 \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627 \u062a\u0623\u06cc\u06cc\u062f \u0646\u0634\u062f\u0647 \u0627\u0646\u062f.\n\n\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc FTD \u0631\u0648\u06cc \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0647\u0627\u06cc \u0633\u0631\u06cc Cisco Firepower 1000\u060c 2100\u060c 3100 \u0648 4200 \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f \u0648 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 CVE-2024-20412 (CVSS 9.3) \u0631\u062f\u06cc\u0627\u0628\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n\u0627\u06cc\u0646 \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u062d\u0644\u06cc \u0648 \u062a\u0627\u06cc\u06cc\u062f \u0646\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u0627\u06cc\u0633\u062a\u0627 \u0648\u0627\u0631\u062f \u0631\u0627\u0628\u0637 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 \u06cc\u06a9 \u062f\u0633\u062a\u06af\u0627\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0634\u0648\u062f.\n\n\u0633\u06cc\u0633\u06a9\u0648 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc 10 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u062f\u0631 FTD \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u06a9\u0647 \u0628\u06cc\u0634 \u0627\u0632 \u0646\u06cc\u0645\u06cc \u0627\u0632 \u0622\u0646 \u0647\u0627 ASA \u0631\u0627 \u0646\u06cc\u0632 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0646\u062f. \u06cc\u06a9\u06cc \u062f\u06cc\u06af\u0631 \u0627\u0632 \u0646\u0642\u0635\u200c\u0647\u0627\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u062f\u0631 \u0627\u0628\u0632\u0627\u0631 \u0645\u062c\u0627\u0632\u06cc \u0627\u0645\u0646\u06cc\u062a \u062a\u0637\u0628\u06cc\u0642\u06cc \u200b\u200b(ASAv) \u0648 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0627\u0645\u0646\u060c \u062f\u0641\u0627\u0639 \u0645\u062c\u0627\u0632\u06cc (FTDv) \u0628\u0631\u0631\u0633\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u0628\u0647 \u0627\u0633\u062a\u062b\u0646\u0627\u06cc \u06cc\u06a9 \u0627\u0634\u06a9\u0627\u0644 \u062f\u0631 \u0633\u0631\u0648\u0631 \u0648\u0628 VPN ASA \u0648 FTD \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u0634\u0648\u062f\u060c \u0645\u0633\u0627\u0626\u0644 \u062c\u062f\u06cc \u0628\u0627\u0642\u06cc \u0645\u0627\u0646\u062f\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u0634\u0631\u0627\u06cc\u0637 DoS \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u0646\u062f.\n\n\u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0633\u06cc\u0633\u06a9\u0648 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u0646\u062f \u062a\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0627\u0635\u0644\u0627\u062d\u0627\u062a \u0631\u0627 \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u0646\u062f. \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u06cc\u0627\u0641\u062a.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-03T17:33:56.000000Z"}, {"uuid": "5cd59fa5-05cb-4127-93c2-bc5917c894db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20424", "type": "seen", "source": "https://t.me/cvedetector/8760", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20424 - \"Cisco Secure Firewall Management Center (FMC) HTTP Request Command Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20424 \nPublished : Oct. 23, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.  \n  \n This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only). \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T20:45:19.000000Z"}, {"uuid": "35340782-4e3d-45e5-8230-3249f724db01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20424", "type": "seen", "source": "https://t.me/CyberBulletin/1246", "content": "\u26a1\ufe0fCVE-2024-20424 (CVSS 9.9): Cisco FMC Software Vulnerability Grants Attackers Root Access.\n\n#CyberBulletin", "creation_timestamp": "2024-10-24T07:49:34.000000Z"}, {"uuid": "22092a1d-f5a7-45cb-8031-698dfae0d61b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20421", "type": "seen", "source": "https://t.me/cvedetector/8109", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20421 - Cisco ATA 190 Series Analog Telephone Adapter CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20421 \nPublished : Oct. 16, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.  \n  \nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T19:44:26.000000Z"}, {"uuid": "189ad517-0481-49ee-8532-5299cd0db97e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20429", "type": "seen", "source": "https://t.me/cvedetector/1102", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20429 - Cisco AsyncOS for Secure Email Gateway Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-20429 \nPublished : July 17, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device.  \n  \n This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T19:53:43.000000Z"}, {"uuid": "1d76ccad-2963-4073-be8d-8234bd60bdd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2042", "type": "seen", "source": "https://t.me/ctinow/209326", "content": "https://ift.tt/286sYFW\nCVE-2024-2042", "creation_timestamp": "2024-03-16T04:26:06.000000Z"}, {"uuid": "95d00548-a0b1-498d-b569-bf415f9e34e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2042", "type": "seen", "source": "https://t.me/ctinow/209323", "content": "https://ift.tt/286sYFW\nCVE-2024-2042", "creation_timestamp": "2024-03-16T04:21:37.000000Z"}, {"uuid": "2f8a04c1-42e7-47b8-a350-8b20cec2f31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20424", "type": "exploited", "source": "https://t.me/true_secator/6358", "content": "Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC) \u0438 Firepower Threat Defense (FTD), \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n\nCVE-2024-20481 \u0441 CVSS 5,8 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0441\u043b\u0443\u0436\u0431\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 VPN (RAVPN) ASA \u0438 FTD \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c, \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 DoS \u043f\u0443\u0442\u0435\u043c \u0438\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e VPN.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 ASA \u0438\u043b\u0438 FTD, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0441\u043b\u0443\u0436\u0431\u0430 RAVPN.\n\nCisco \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441\u00a0\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u0431\u0440\u0443\u0442-\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439,\u00a0\u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 VPN \u0438 SSH, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u043d \u0432\u044b\u044f\u0432\u0438\u043b \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2024 \u0433\u043e\u0434\u0430. \u041e\u043d\u0438 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 Cisco, \u043d\u043e \u0438 \u043d\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Checkpoint, Fortinet, SonicWall, MikroTik, Draytek \u0438 Ubiquiti.\n\n\u0412 \u043f\u043e\u043b\u0443\u0433\u043e\u0434\u043e\u0432\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445, \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b 50 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0442\u0440\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b. \u0414\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0438\u0437 \u043d\u0438\u0445 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043e.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC \u0434\u043b\u044f CVE-2024-20377, CVE-2024-20387 \u0438 CVE-2024-20388, \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 FMC.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u0432 ASA, CVE-2024-20329 (CVSS 9,9), \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u041e\u0421 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root \u0447\u0435\u0440\u0435\u0437 SSH, \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439.\n\nCVE-2024-20424 (CVSS 9,9) \u0432 FMC \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043f\u0440\u043e\u0448\u043b\u0438 \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443, \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u041e\u0421 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c FTD \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u044d\u043a\u0440\u0430\u043d\u044b Cisco Firepower \u0441\u0435\u0440\u0438\u0439 1000, 2100, 3100 \u0438 4200 \u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-20412 (CVSS 9,3).\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043e\u0439\u0442\u0438 \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\nCisco \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f 10 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 FTD, \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u044b \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0438 ASA. \u0415\u0449\u0435 \u043e\u0434\u0438\u043d \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0431\u044b\u043b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0432 Adaptive Security Virtual Appliance (ASAv) \u0438 Secure Firewall Threat Defense Virtual (FTDv).\n\n\u0417\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 VPN ASA \u0438 FTD, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root, \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0443\u0441\u043b\u043e\u0432\u0438\u0439 DoS.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c Cisco \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f. \u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2024-10-24T18:00:07.000000Z"}, {"uuid": "9235a779-0caf-4d01-8d88-053cedd9194a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20424", "type": "seen", "source": "https://t.me/CyberBulletin/26181", "content": "\u26a1\ufe0fCVE-2024-20424 (CVSS 9.9): Cisco FMC Software Vulnerability Grants Attackers Root Access.\n\n#CyberBulletin", "creation_timestamp": "2024-10-24T07:49:33.000000Z"}]}