CVE-2023-20269
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
CVSS
—
Sin CVSS
EPSS
21.6%
p97
KEV
SÍ
13 sept 2023
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Cisco / Adaptive Security Appliance and Firepower Threat Defense
Vulnerabilidad
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Añadido a KEV
13 sept 2023
Remediar antes de
4 oct 2023
Uso conocido en ransomware
Sí
Descripción resumida
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.
Acción requerida
Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.
Notas
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC; https://nvd.nist.gov/vuln/detail/CVE-2023-20269
Sin CVEs relacionados por CWE o producto.