
Cisco warns of VPN zero-day exploited by ransomware gangs
2023-09-08 13:32

Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense that is actively exploited by ransomware operations to gain initial access to corporate networks.

The medium severity zero-day vulnerability impacts the VPN feature of Cisco ASA and Cisco FTD, allowing unauthorized remote attackers to conduct brute force attacks against existing accounts.

Last month, BleepingComputer reported that the Akira ransomware gang was breaching corporate networks almost exclusively through Cisco VPN devices, with cybersecurity firm SentinelOne speculating that it may be through an unknown vulnerability.

A week later, Rapid7 reported that the LockBit ransomware operation, in addition to Akira, was also exploiting an undocumented security problem in Cisco VPN devices.

This week, Cisco confirmed the existence of a zero-day vulnerability that was used by these ransomware gangs and provided workarounds in an interim security bulletin.

The CVE-2023-20269 flaw is located within the web services interface of Cisco ASA and Cisco FTD devices, specifically in the functions that handle authentication, authorization, and accounting (AAA).


News URL

https://www.bleepingcomputer.com/news/security/cisco-warns-of-vpn-zero-day-exploited-by-ransomware-gangs/

Related Vulnerability

DATE: 2023-09-06
CVE: CVE-2023-20269
VULNERABILITY TITLE: Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
RISK: critical (score 9.1); attack vector: network; low attack complexity; vendor: cisco; weakness: CWE-863

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.
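As an added illustration (not from the article, Cisco, or the advisory), the detection side of the brute-force behaviour described above: a small Python script that parses constructed Cisco ASA-style AAA rejection log lines (message ID 113005; the exact field layout is an assumption) and flags source IPs that exceed a threshold of failed remote-access VPN logins within a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in the style of Cisco ASA message 113005
# ("AAA user authentication Rejected"). The field layout is an assumption;
# adapt LINE_RE to your own ASA/FTD syslog export. Six rejections from one
# source across three accounts in ten seconds, plus one isolated failure.
SAMPLE_LOGS = """\
Sep 08 13:00:01 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
Sep 08 13:00:03 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
Sep 08 13:00:04 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = bob : user IP = 198.51.100.7
Sep 08 13:00:06 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = bob : user IP = 198.51.100.7
Sep 08 13:00:09 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 198.51.100.7
Sep 08 13:00:11 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 198.51.100.7
Sep 08 13:01:00 asa01 %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = dave
Sep 08 13:05:40 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = dave : user IP = 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ %ASA-6-113005: AAA user authentication Rejected"
    r" : reason = [^:]+ : server = \S+ : user = (?P<user>\S+) : user IP = (?P<ip>\S+)$"
)

def parse_rejections(text, year=2023):
    """Extract (timestamp, source_ip, username) from 113005 rejection lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # other message IDs (e.g. successful logins) are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events

def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding window per source IP: flag IPs with >= threshold rejections
    inside any `window`; return {ip: sorted list of accounts tried}."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    hits = defaultdict(set)
    for ip, items in by_ip.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip].update(u for _, u in items[start:end + 1])
    return {ip: sorted(users) for ip, users in hits.items()}
```

Tune `threshold` and `window` to the normal failure rate of your own VPN population; a single source cycling through several accounts in seconds, as in the sample, is the pattern worth alerting on.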

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4416 230 3111 1857 603 5801