all InfoSec news
CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups
Cyber Exposure Alerts www.tenable.com
Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.
Background
On September 6, Cisco published an advisory for a zero-day vulnerability in the software for its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances that has been reportedly exploited in the wild:
CVE | Description | CVSSv3 | VPR* |
---|---|---|---|
CVE-2023-20269 | Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability | 5.0 | 3.2 … |
advisory akira asa cisco cve defense exploited exploiting firepower lockbit ransomware ransomware groups security september software threat threat defense vpn vulnerability zero-day zero-day vulnerability