Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability
CVE ID | CVE-2023-20269 |
Exploited in the wild | Yes |
Risk Rating / CVSS | 6.5 / Zero Day |
Associated Threat Actor / Malware / Campaign | This vulnerability was exploited to gain initial access to targets. Exploitation has also been observed leading to the deployment of several ransomware families, including FileCoder, Akira, LockBit, and Conti. |
User Interaction | None |
Affected Products |
Cisco ASA 9.16 and earlier
Cisco ASA 6.2.3 through 9.8.4.8
Cisco FTD 6.2.3 through 9.8.4.8 |
Summary | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations, or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. The vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features, which lets an attacker specify a default connection profile/tunnel group (DefaultADMINGroup or DefaultL2LGroup) while brute forcing or while logging in with valid credentials. Exploitation in the wild has been confirmed. At the time of this writing, mitigation options are limited to workarounds. |
Analysis | A successful exploit could allow the attacker to achieve one or both of the following:
1. Identify valid credentials by brute force, which could then be used to establish an unauthorized remote access VPN session.
2. Establish a clientless SSL VPN session through the DefaultADMINGroup or DefaultL2LGroup connection profile/tunnel group (only on Cisco ASA Software Release 9.16 or earlier, which still ships clientless SSL VPN).
The vulnerability does not bypass authentication: the second outcome still requires valid credentials, and a client-based (AnyConnect) tunnel cannot be established through these default profiles because they cannot have an IP address pool configured. In practice the two outcomes are chained, with brute forcing supplying the credentials for the unauthorized session.
This vulnerability has been actively exploited by ransomware actors, potentially leading to a compromise of sensitive information. Several malware families, including FileCoder, Akira, LockBit, and Conti ransomware, have been associated with this vulnerability. |
Patch/Mitigation |
Mitigation options are limited to workarounds. Implement the following recommendations from the vendor advisory to protect against unauthorized clientless SSL VPN session establishment using the DefaultADMINGroup or DefaultL2LGroup connection profiles/tunnel groups:
1. Configure a dynamic access policy (DAP) that terminates VPN tunnel establishment for the DefaultADMINGroup and DefaultL2LGroup connection profiles.
2. Deny remote access VPN in the default group policy (DfltGrpPolicy) by setting vpn-simultaneous-logins 0, after confirming that every other group policy sets this attribute explicitly instead of inheriting it from DfltGrpPolicy.
3. Restrict users to the connection profiles they are authorized for, using LDAP attribute maps for directory-backed users or group-lock for accounts in the local database.
These workarounds address only the unauthorized session outcome; they do not stop brute forcing of credentials, so authentication rejections and session starts against the default profiles should be monitored in the ASA/FTD syslog. |
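The two signals that the Analysis and Patch/Mitigation entries above describe (credential brute forcing against the remote access VPN, and clientless SSL VPN sessions started under DefaultADMINGroup or DefaultL2LGroup) can be hunted for in ASA syslog. The script below is an added example written for this page; it is not Cisco's code and not part of the advisory. It assumes the ASA "timestamp" logging format and the documented layouts of messages 113005/113015 (AAA authentication rejected) and 716001 (WebVPN session started); the log lines, IP addresses, usernames and the five-attempts-in-five-minutes threshold are constructed for illustration.

```python
"""Hunt Cisco ASA syslog for CVE-2023-20269 exploitation attempts.

Signal 1: many AAA authentication rejections from one source IP inside a
          short window (credential brute forcing).
Signal 2: a clientless WebVPN session started under DefaultADMINGroup or
          DefaultL2LGroup, profiles not intended for remote access VPN.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: lines carry the ASA "timestamp" prefix, e.g.
# "Sep 07 2023 10:15:01: %ASA-6-113005: AAA user authentication Rejected ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-(?P<id>\d{6}): (?P<msg>.*)$"
)
# 113005 (AAA server) and 113015 (local database) share this tail.
REJECT_RE = re.compile(
    r"AAA user authentication Rejected.*?: user = (?P<user>\S+) : user IP = (?P<ip>\S+)"
)
# 716001: Group <group> User <user> IP <ip> WebVPN session started.
WEBVPN_RE = re.compile(
    r"Group (?P<group>\S+) User (?P<user>\S+) IP (?P<ip>\S+) WebVPN session started"
)
SUSPICIOUS_GROUPS = {"DefaultADMINGroup", "DefaultL2LGroup"}

# Constructed sample log, not captured from a real device.
SAMPLE_LOGS = """\
Sep 07 2023 10:15:01: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 203.0.113.10
Sep 07 2023 10:15:02: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jsmith : user IP = 203.0.113.10
Sep 07 2023 10:15:04: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = vpnuser : user IP = 203.0.113.10
Sep 07 2023 10:15:05: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = backup : user IP = 203.0.113.10
Sep 07 2023 10:15:07: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = svc-vpn : user IP = 203.0.113.10
Sep 07 2023 10:16:30: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
Sep 07 2023 10:20:11: %ASA-6-716001: Group DefaultADMINGroup User svc-vpn IP 203.0.113.10 WebVPN session started.
Sep 07 2023 10:21:45: %ASA-6-716001: Group RA_Employees User alice IP 198.51.100.7 WebVPN session started.
""".splitlines()


def parse_line(line):
    """Split a syslog line into (timestamp, message id, message body), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return ts, m["id"], m["msg"]


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (max rejections in any window, sorted usernames tried)}
    for every source IP that reached the threshold."""
    events = defaultdict(list)  # ip -> [(timestamp, username), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] not in ("113005", "113015"):
            continue
        m = REJECT_RE.search(parsed[2])
        if m:
            events[m["ip"]].append((parsed[0], m["user"]))

    hits = {}
    for ip, evs in events.items():
        evs.sort()
        start, best, best_users = 0, 0, set()
        for end in range(len(evs)):  # sliding window over sorted timestamps
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 > best:
                best = end - start + 1
                best_users = {user for _, user in evs[start:end + 1]}
        if best >= threshold:
            hits[ip] = (best, sorted(best_users))
    return hits


def detect_default_group_sessions(lines):
    """Return [(timestamp, group, user, ip)] for WebVPN sessions started under a
    default connection profile; any hit is an unauthorized session to investigate."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "716001":
            continue
        m = WEBVPN_RE.search(parsed[2])
        if m and m["group"] in SUSPICIOUS_GROUPS:
            hits.append((parsed[0], m["group"], m["user"], m["ip"]))
    return hits


if __name__ == "__main__":
    for ip, (count, users) in detect_bruteforce(SAMPLE_LOGS).items():
        print(f"brute force from {ip}: {count} rejections, users tried {users}")
    for ts, group, user, ip in detect_default_group_sessions(SAMPLE_LOGS):
        print(f"{ts} default-profile WebVPN session: {group} user={user} ip={ip}")
```

Run against real exports, the brute-force check should be tuned to the environment's normal failure rate, and a 716001 hit for either default group is actionable on its own regardless of volume, since nothing legitimate should land there.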