From a53e4e439120f38e0244cb34c761ae27c5ce0814 Mon Sep 17 00:00:00 2001
From: Adon Metcalfe <adonm@fastmail.fm>
Date: Fri, 26 Apr 2024 12:28:18 +0800
Subject: [PATCH] Revert "ArcaneDoor Exploiting Cisco ASA Vulnerabilities -
 20240425001 (#676)"

This reverts commit 7a43f70b5c7eb6c242f47446f9045806960fd1ae.
---
 ...or-Exploiting-Cisco-ASA-Vulnerabilities.md | 30 -------------------
 1 file changed, 30 deletions(-)
 delete mode 100644 docs/advisories/20240426001-ArcaneDoor-Exploiting-Cisco-ASA-Vulnerabilities.md

diff --git a/docs/advisories/20240426001-ArcaneDoor-Exploiting-Cisco-ASA-Vulnerabilities.md b/docs/advisories/20240426001-ArcaneDoor-Exploiting-Cisco-ASA-Vulnerabilities.md
deleted file mode 100644
index e1c270cd3..000000000
--- a/docs/advisories/20240426001-ArcaneDoor-Exploiting-Cisco-ASA-Vulnerabilities.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# ArcaneDoor Exploiting Cisco ASA Vulnerabilities - 20240426001
-
-## Overview
-
-Cisco has released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. A cyber threat actor could exploit vulnerabilities (CVE-2024-20353, CVE-2024-20359, CVE-2024-20358) to take control of an affected system.
-
-## What is vulnerable?
-
-| CVE                                                               | Severity   | CVSS | Product(s) Affected                                                                                                                                                                                         | Summary                                                                                                                                                                                                                                                                                                                                | Dated      |
-| ----------------------------------------------------------------- | ---------- | ---- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
-| [CVE-2024-20353](https://nvd.nist.gov/vuln/detail/CVE-2024-20353) | **High**   | 8.6  | **Check [advisory's tool](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2) on vulnerable configured Cisco ASA and FTD Software**         | A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition                              | 24/04/2024 |
-| [CVE-2024-20359](https://nvd.nist.gov/vuln/detail/CVE-2024-20359) | **Medium** | 6.0  | **Check [advisory's tool](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h) on vulnerable release of Cisco ASA Software or FTD Software** | A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges | 24/04/2024 |
-| [CVE-2024-20358](https://nvd.nist.gov/vuln/detail/CVE-2024-20358) | **Medium** | 6.0  | **Check [advisory's tool](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm) on vulnerable release of Cisco ASA Software or FTD Software**     | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges                | 24/04/2024 |
-
-## What has been observed?
-
-There is evidence of exploitation activities and some Cisco ASA devices in Australia have been compromised.
-
-## Recommendation
-
-The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
-
-- [Attacks Against Cisco Firewall Platforms](https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response)
-
-- Inspect logs for traces of [IOCs](https://www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns)
-
-## Additional References
-
-- [Exploitation of vulnerabilities affecting Cisco firewall platforms](https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/exploitation-vulnerabilities-affecting-cisco-firewall-platforms)
-- [Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms](https://www.cisa.gov/news-events/alerts/2024/04/24/cisco-releases-security-updates-addressing-arcanedoor-vulnerabilities-cisco-firewall-platforms)