Frequently Asked Questions on ArcaneDoor (CVE-2024-20353,...

Frequently Asked Questions on ArcaneDoor (CVE-2024-20353, CVE-2024-20359)

On April 24, Cisco disclosed an espionage-focused campaign called ArcaneDoor associated with a state-sponsored actor targeting vulnerable network devices, including Cisco’s Adaptive Security Appliance (ASA). Cisco observed this state-sponsored actor exploiting two zero-day vulnerabilities as part of this campaign:

CVE-2024-20353
CVE-2024-20359

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our FAQ blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Frequently Asked Questions on ArcaneDoor (CVE-2024-20353,...

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia