Security Advisory – CISA Catalog Update Includes New Cisco and CrushFTP Vulnerabilities

On April 24, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: a Denial of Service (DoS) vulnerability and a Privilege Escalation vulnerability in Cisco ASA and FTD systems, identified as CVE-2024-20353 and CVE-2024-20359, respectively, and a Sandbox Escape vulnerability in CrushFTP software, identified as CVE-2024-4040. CISA requires Federal Civilian Executive Branch agencies to remediate these vulnerabilities promptly because of their significant risk, and strongly recommends that all organizations prioritize these issues in their security protocols.

For more details, visit CISA’s official announcement.