Akira, LockBit actively searching for vulnerable Cisco ASA devices
Akira and LockBit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning.
"But the problem is nobody has complete visibility of what exploits actually exist," he added, and advised admins to upgrade to the latest ASA release on all devices that have the AnyConnect SSL VPN feature enabled on the device's interface.
Cisco ASA devices are widely deployed in organizations of all sizes, and are regularly targeted by attackers via unpatched vulnerabilities, credential stuffing and targeted brute-force attacks.
PoCs for patched vulnerabilities surface often, making the attackers' work easier, but they are also either creating their own exploits or buying them from somewhere: Truesec researchers have recently flagged Akira's likely exploitation of CVE-2020-3259, for which there is no known public exploit.
Though an exploit for CVE-2020-3580, a cross-site scripting vulnerability affecting Cisco ASA and FTD devices, was leveraged by attackers in 2021, ransomware groups are obviously hoping that many organizations are VERY slow to patch.
"I've just been looking at data from GreyNoise and other firms. There has been a significant uptick in scanning for Cisco AnyConnect VPN devices," Beaumont also noted on Wednesday.
News URL
https://www.helpnetsecurity.com/2024/02/08/ransomware-cisco-asa-vulnerabilities/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-3580 | Cross-site Scripting vulnerability in Cisco products: Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-05-06 | CVE-2020-3259 | Unspecified vulnerability in Cisco products: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. | 7.5 |