Cisco ArcaneDoor Vulnerabilities

April 26, 2024

ADP is aware of the following ArcaneDoor vulnerabilities recently reported by Cisco:

• CVE-2024-20353
• CVE-2024-20358
• CVE-2024-20359

As soon as we were made aware, our Global Security Organization immediately began to assess any potential impacts to our systems. At this time, we have not identified any intrusion or data access and will prioritize any necessary remediation. We will continue to monitor this situation as we do with all reported vulnerabilities.

ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates. Clients are encouraged to visit ADP’s website at www.adp.com/trust to see Security Alerts to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data is a top priority for ADP.