Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability

Added Sept. 13, 2023 • Due Oct. 4, 2023 • CVE-2023-20269

Overdue Cisco / Adaptive Security Appliance and Firepower Threat Defense Known Ransomware Use CWE-288

Description

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

Required Action

Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
https://nvd.nist.gov/vuln/detail/CVE-2023-20269

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months, 3 weeks ago