Vulnerabilities Observed in Exploit Campaign Affecting Cisco ASA and FTD Software

Health-ISAC is distributing this bulletin to increase your situational awareness.
On April 24, 2024, Cisco released security advisories regarding the abuse of vulnerabilities
(CVE-2024-20353 and CVE-2024-20359) identified in campaigns targeting Cisco Adaptive Security
Appliance (ASA) and Firepower Threat Defense (FTD) software. The malicious activity, dubbed
ArcaneDoor, is an operation enacted by state-sponsored threat actors targeting perimeter network devices
from multiple vendors. The threat actors intentions behind the operation are likely to pivot into
organizations, reroute or modify traffic, and monitor network communications after exploiting affected
perimeter network devices.
- Related Resources & News
- Health-ISAC whitepaper highlights cybersecurity responsibilities in medical device lifecycle, focuses on resilience
- Health-ISAC Hacking Healthcare 2-3-2025
- Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle
- Impacts of Proposed US Import Tariffs on the Global Health Sector
- NY Blood Center Attack Disrupts Suppliers in Several States
- 2025 Newsletter – February
- DeepSeek’s Security Risk Is A Critical Reminder For CIOs
- $6.4m to combat health sector cyber threat
- Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks
- EU Commission Calls for Health Sector ‘Cyber Action Plan’