CVE-2023-20269 - Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Project:Cisco
Product:Adaptive Security Appliance and Firepower Threat Defense
Date Added:2023-09-13Due Date:2023-10-04
Vulnerability Name
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Description
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
https://nvd.nist.gov/vuln/detail/CVE-2023-20269
Related News Articles
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest AttacksOctober 23, 2024
