CVE-2023-20269
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
CVSS
—
No CVSS
EPSS
21.6%
p97
KEV
YES
Sep 13, 2023
Exploit Today
79
0-100
Published: — · Last modified: —
Product
Cisco / Adaptive Security Appliance and Firepower Threat Defense
Vulnerability
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Added to KEV
Sep 13, 2023
Remediate by
Oct 4, 2023
Known ransomware use
Yes
Summary description
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.
Required action
Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.
Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC; https://nvd.nist.gov/vuln/detail/CVE-2023-20269
No related CVEs by CWE or product.