嗯,用户让我帮忙总结一篇文章,控制在100字以内,而且不需要用“文章内容总结”之类的开头。好的,我先看看这篇文章讲的是什么。 文章提到Cisco发现了针对Secure Firewall ASA和FTD设备的新攻击变种,利用了CVE-2025-20333和CVE-2025-20362这两个漏洞。这两个漏洞分别是缓冲区溢出和缺少授权的问题,可能导致远程代码执行和权限提升。攻击可能导致设备重新加载,造成拒绝服务。 然后,文章提到这些漏洞被CISA添加到已知被利用的漏洞目录中,并且英国的NCSC报告说威胁行为者利用它们进行零日攻击,部署了新的恶意软件RayInitiator和LINE VIPER。这些恶意软件比较复杂,有高级的逃避能力。 Cisco将这些新攻击与ArcaneDoor威胁行为者联系起来,但没有证据表明其他FTD或硬件平台被成功入侵。 好的,现在我要把这些信息浓缩到100字以内。重点包括:Cisco警告新攻击变种,利用两个漏洞导致DoS;恶意软件复杂;与ArcaneDoor有关;其他平台未被入侵。 可能的结构:Cisco警告新攻击利用两个漏洞导致DoS,部署复杂恶意软件RayInitiator和LINE VIPER,并与ArcaneDoor有关,但未影响其他平台。 检查一下字数是否在限制内。嗯,大概在100字左右。 </think> Cisco警告新的攻击变种利用CVE-2025-20333和CVE-2025-20362漏洞针对Secure Firewall ASA和FTD设备,可能导致拒绝服务(DoS)。该攻击部署复杂恶意软件RayInitiator和LINE VIPER,并与ArcaneDoor威胁行为者相关联。目前无证据显示其他平台受影响。 2025-11-6 18:26:17 Author: securityaffairs.com(查看原文) 阅读量:4 收藏
Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices
Pierluigi Paganini
November 06, 2025
Cisco warns of a new attack variant exploiting CVE-2025-20333 and CVE-2025-20362 in Secure Firewall ASA and FTD devices.
Cisco warned of a new attack variant targeting vulnerable Secure Firewall ASA and FTD devices by exploiting the vulnerabilities CVE-2025-20333 and CVE-2025-20362.
“On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362.” reads the new alert published by Cisco. “This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Releases section of this page.”
CVE-2025-20333 is a buffer overflow vulnerability in Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server. An attacker can exploit this flaw for remote code execution.
CVE-2025-20362 is a missing authorization vulnerability in Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD).
The two vulnerabilities could be chained.
In September, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
After the flaws had been fixed, the U.K. NCSC reported that threat actors exploited them in zero-day attacks to deploy novel malware families, RayInitiator and LINE VIPER. These malware mark a major evolution from earlier campaigns, featuring greater sophistication and advanced evasion capabilities.
RayInitiator is a persistent, multi-stage GRUB bootkit flashed to Cisco ASA 5500-X devices (many out of support) that survives reboots and firmware upgrades. RayInitiator is used to load the user-mode loader LINE VIPER into memory.
LINE VIPER receives commands either through WebVPN client authentication or by special network packets. It uses unique tokens and RSA keys per victim to secure commands and stolen data. Once active, it can run device commands, capture network traffic, bypass authentication controls, hide log messages, record CLI input, and trigger delayed reboots.
Cisco links the new attacks to the ArcaneDoor threat actor but says no evidence shows other FTD or hardware platforms have been successfully breached.
“Cisco assesses with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 2024.” concludes the alert. “While the vulnerable software is supported across other hardware platforms with different underlying architectures as well as in devices that are running Cisco Secure Firewall Threat Defense (FTD) Software, Cisco has no evidence that these platforms have been successfully compromised.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISCO)
如有侵权请联系:admin#unsafe.sh