PT-2023-8563 · Cisco · Firepower Threat Defense

Published: 2023-09-06 · Updated: 2025-11-22 · CVE-2023-20269

CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software (affected versions not specified)

Description: A vulnerability exists in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. It could allow an unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations, or an authenticated, remote attacker to establish a clientless SSL VPN session as an unauthorized user. The root cause is improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and other features. An attacker exploits this by specifying a default connection profile (tunnel group) during a brute force attack or while establishing a clientless SSL VPN session. Successful exploitation could lead to unauthorized remote access or the establishment of unauthorized VPN sessions. This vulnerability is actively exploited by ransomware groups, including LockBit and Akira. Approximately 37,804 systems are potentially exposed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
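Because the description ties the brute-force path to explicitly naming a default connection profile, a defender can look for many rejected logins against those profiles from one source. The following is an added example, not part of this advisory or of any Cisco tooling; the sample lines are constructed, and the message IDs 716038/716039 and the "Group <g> User <u> IP <ip>" layout are assumptions about the ASA WebVPN authentication syslog format.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on ASA WebVPN authentication messages
# (assumption: IDs 716038/716039 and this field layout; verify against your release).
SAMPLE_LOGS = """\
%ASA-6-716039: Group <DefaultWEBVPNGroup> User <admin> IP <203.0.113.10> Authentication: rejected, Session Type: WebVPN
%ASA-6-716039: Group <DefaultWEBVPNGroup> User <alice> IP <203.0.113.10> Authentication: rejected, Session Type: WebVPN
%ASA-6-716039: Group <DefaultWEBVPNGroup> User <bob> IP <203.0.113.10> Authentication: rejected, Session Type: WebVPN
%ASA-6-716039: Group <DefaultWEBVPNGroup> User <carol> IP <203.0.113.10> Authentication: rejected, Session Type: WebVPN
%ASA-6-716038: Group <DefaultWEBVPNGroup> User <dave> IP <203.0.113.10> Authentication: successful, Session Type: WebVPN
%ASA-6-716039: Group <CorpVPN> User <erin> IP <198.51.100.7> Authentication: rejected, Session Type: WebVPN
%ASA-6-716038: Group <CorpVPN> User <erin> IP <198.51.100.7> Authentication: successful, Session Type: WebVPN
"""

LOG_RE = re.compile(
    r"%ASA-\d-(?P<msgid>\d{6}): Group <(?P<group>[^>]+)> User <(?P<user>[^>]+)> "
    r"IP <(?P<ip>[^>]+)> Authentication: (?P<result>successful|rejected)"
)

# Built-in connection profiles that exist on every ASA/FTD and can be named explicitly.
DEFAULT_GROUPS = {"DefaultWEBVPNGroup", "DefaultRAGroup"}

def parse(lines):
    """Yield one dict per line that matches the assumed authentication message layout."""
    for line in lines.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.groupdict()

def find_suspicious_sources(lines, threshold=3):
    """Return {ip: info} for sources with at least `threshold` distinct usernames rejected
    against a default group, noting whether a later success from that IP followed."""
    rejects = defaultdict(set)          # ip -> usernames rejected on a default group
    success_after = defaultdict(bool)   # ip -> a successful login came after rejects
    for ev in parse(lines):
        if ev["group"] not in DEFAULT_GROUPS:
            continue                    # logins against named profiles are out of scope
        if ev["result"] == "rejected":
            rejects[ev["ip"]].add(ev["user"])
        elif ev["ip"] in rejects:
            success_after[ev["ip"]] = True
    return {
        ip: {"users_tried": sorted(users), "success_after_spray": success_after[ip]}
        for ip, users in rejects.items() if len(users) >= threshold
    }

if __name__ == "__main__":
    for ip, info in find_suspicious_sources(SAMPLE_LOGS).items():
        print(ip, info)
```

A source flagged with success_after_spray set is the case worth escalating first, since the success may be a guessed credential rather than a legitimate user.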

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel
Incorrect Authorization

Related Identifiers

BDU:2024-01177
CVE-2023-20269

Affected Products

Cisco ASA
Firepower Threat Defense