Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices.
The flaw could allow an unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.
Cisco made sure to note that the flaw does not allow attackers to bypass authentication.
Caitlin Condon, head of vulnerability research at Rapid7, says that CVE-2023-20269 enables attackers to more easily conduct brute force attacks. She adds that brute forcing was one of the techniques Rapid7 observed in recent ransomware attacks against enterprises, which started with brute-forcing Cisco ASAs that either did not have multi-factor authentication or were not enforcing it.
"Cisco didn't cite specific IPs or attribution information for the vulnerability in their advisory. They talked about attacker behavior a bit, but many attackers could have the same behavior. It's not possible to discern whether there's specific attacker overlap without more information," she told Help Net Security.
"As we noted in our original blog on this, Rapid7 observed a number of different techniques being used, and a number of different payloads, including Akira and LockBit ransomware. Those attacks were all different. I'd reject the premise that there's a single attacker or a set group of attackers."
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2023-20269 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software. A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. | 9.1 |