Communiqué

Vulnérabilités critiques sur Cisco ASA software/appliance et FTD software (CVE-2024-20359, CVE-2024-20358, CVE-2024-20353) (uniquement en anglais)

The CSSF has been made aware of three recent critical vulnerabilities (CVE-2024-20359, CVE-2024-20358 and CVE-2024-20353) in Cisco ASA (Adaptive Security Appliance) software/appliance and FTD (Firepower Threat Defense) software, which are actively exploited.

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-85/.

The CSSF strongly recommends all supervised entities concerned to take duly note of this report and to take actions as appropriate.