Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

Required Action

Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.

Weakness Classification

CWE-288

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
https://nvd.nist.gov/vuln/detail/CVE-2023-20269

Cybersecurity Alerts

CVE-2023-20269

Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability

Required Action

Weakness Classification

References