ANNOUNCEMENT

Line Dancer and Line Runner Security Vulnerabilities (CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358) 

May 3, 2024: Wasabi is aware of the vulnerabilities disclosed by Cisco (CVE-2024-20353, CVE-2024-20359, and CVE-2024-20358) and has completed verification that these issues do not affect any Wasabi products or services. 

Wasabi is aware of a new threat campaign known as “ArcaneDoor,” which targets both Cisco Adaptive Security Appliance (ASA) software and Firepower Thread Defense (FTD) software running on perimeter network devices. This threat campaign contains vulnerabilities known as “Line Dancer” and “Line Runner,” which grant the threat actor the ability to upload and execute arbitrary shellcode payloads against affected devices. It also has been discovered that another vulnerability (CVE-2024-20353) can be used to help facilitate the CVE-2024-20359/ CVE-2024-20358 attack against vulnerable hardware. 

From the CVE-2024-20359 detail, it is “a vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.” 

Wasabi is aware of the vulnerability and has completed verification that this issue does not affect any Wasabi products or services. 

If you have any other questions regarding the Line Dancer and Line Runner issues and Wasabi, reach out to support@wasabi.com for further assistance.