Security News > 2023 > September > Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices.

An unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or.

The company made sure to note that the flaw does not allow attackers to bypass authentication.

Caitlin Condon, head of vulnerability research at Rapid7, says that CVE-2023-20269 enables attackers to more easily conduct brute force attacks, and that brute forcing was one of the techniques the company observed in recent ransomware attacks against enterprises, which started with brute-forcing Cisco ASAs that either did not have multi-factor authentication or were not enforcing it.

"Cisco didn't cite specific IPs or attribution information for the vulnerability in their advisory. They talked about attacker behavior a bit, but many attackers could have the same behavior. It's not possible to discern whether there's specific attacker overlap without more information," she told Help Net Security.

"As we noted in our original blog on this, Rapid7 observed a number of different techniques being used, and a number of different payloads, including Akira and LockBit ransomware. Those attacks were all different. I'd reject the premise that there's a single attacker or a set group of attackers."

News URL

https://www.helpnetsecurity.com/2023/09/08/cve-2023-20269/