Cisco ASA Software Vulnerability Allows Brute Force Attacks and Unauthorized SSL VPN Sessions
CVE-2023-20269
Key Information:
- Vendor: Cisco
- CVE Published: 6 September 2023
Summary
A vulnerability in the remote access VPN feature of Cisco's Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software allows unauthenticated remote attackers to execute brute force attacks to identify valid username and password combinations. This issue arises from inadequate separation of authentication, authorization, and accounting (AAA) for the VPN feature compared to other functionalities such as HTTPS management and site-to-site VPN connections. Successful exploitation could lead to the identification of valid credentials or facilitate an unauthorized clientless SSL VPN session for specific software releases, highlighting the importance of strengthening security measures and updating software to mitigate the risks associated with this vulnerability. Cisco is expected to release software updates to address this issue, and workarounds are available for immediate protection.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities; this one has been identified as exploited in the wild and is known to CISA as enabling ransomware campaigns.
CISA's recommendation is: apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins, or discontinue use of the product for unsupported devices.
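As an added example that is not part of this entry or of Cisco's own tooling, the Python script below audits a saved ASA running-config for the two workaround settings the CISA note names: it flags default group-policies (assumed here to be DefaultADMINGroup and DefaultL2LGroup) that do not carry vpn-simultaneous-logins 0, and remote-access group-policies that have no group-lock value. The config text is constructed for the example.

```python
# Added example (not from the advisory or from Cisco): audit a saved ASA running-config
# for the two workaround settings named in the CISA note. The config text is constructed.
import re
from typing import Dict, List

SAMPLE_CONFIG = """\
group-policy DefaultADMINGroup internal
group-policy DefaultADMINGroup attributes
 vpn-simultaneous-logins 0
group-policy DefaultL2LGroup internal
group-policy DefaultL2LGroup attributes
 vpn-simultaneous-logins 3
group-policy RA_USERS internal
group-policy RA_USERS attributes
 vpn-tunnel-protocol ssl-client
 group-lock value RA_TUNNEL
group-policy CONTRACTORS internal
group-policy CONTRACTORS attributes
 vpn-tunnel-protocol ssl-client
"""

# Assumption: these default policies should not admit any remote-access login.
DEFAULT_POLICIES = ("DefaultADMINGroup", "DefaultL2LGroup")

def parse_group_policies(config: str) -> Dict[str, List[str]]:
    """Map each 'group-policy <name> attributes' block to its indented attribute lines."""
    policies: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^group-policy (\S+) attributes\s*$", line)
        if m:
            current = m.group(1)
            policies.setdefault(current, [])
        elif line.startswith(" ") and current is not None:
            policies[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return policies

def audit(config: str) -> List[str]:
    """Return one finding per policy that lacks the expected workaround setting."""
    findings: List[str] = []
    policies = parse_group_policies(config)
    for name in DEFAULT_POLICIES:
        if "vpn-simultaneous-logins 0" not in policies.get(name, []):
            findings.append(f"{name}: vpn-simultaneous-logins is not 0")
    for name, attrs in policies.items():
        if name not in DEFAULT_POLICIES and not any(a.startswith("group-lock value ") for a in attrs):
            findings.append(f"{name}: no group-lock value configured")
    return findings
```

Run audit() over the output of "show running-config" saved to a file; an empty list means both settings are present for every policy the script knows about.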
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software 9.8.1
Cisco Adaptive Security Appliance (ASA) Software 9.8.1.5
Cisco Adaptive Security Appliance (ASA) Software 9.8.1.7
Badges
- Used in Ransomware
- Exploit known to exist
- CISA Reported