all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups

Add to bookmarks
Sept. 12, 2023, 12:17 a.m. | Satnam Narang

Cyber Exposure Alerts www.tenable.com

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.


Background


On September 6, Cisco published an advisory for a zero-day vulnerability in the software for its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances that has been reportedly exploited in the wild:










CVEDescriptionCVSSv3VPR*
CVE-2023-20269Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability5.03.2 …

advisory akira asa cisco cve defense exploited exploiting firepower lockbit ransomware ransomware groups security september software threat threat defense vpn vulnerability zero-day zero-day vulnerability

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 4 days, 10 hours ago | www.tenable.com
addresses critical critical vulnerability cve +15
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities 1 week, 2 days ago | www.tenable.com
big big-ip big-ip next central manager centralized management +18
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 3 weeks, 2 days ago | www.tenable.com
adaptive security arcanedoor blog called +15
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 3 weeks, 4 days ago | www.tenable.com
advisory april crushftp customers +23
Oracle April 2024 Critical Patch Update Addresses 239 CVEs 1 month ago | www.tenable.com
addresses april cpu critical +12
CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 1 month ago | www.tenable.com
alto april attacks command +25
Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 1 month, 1 week ago | www.tenable.com
addresses april critical critical vulnerabilities +13
Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month, 2 weeks ago | www.tenable.com
CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 2 months ago | www.tenable.com
address advisory arbitrary code attacker +20

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India
View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190
View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal
View on infosec-jobs.com