Cisco CVE-2023-20269
Date of Notice: 04/12/2024
Action Level - Critical
Description
A critical vulnerability has been identified in the remote access VPN feature of Cisco ASA and FTD Software. This flaw could allow an unauthorized party to conduct a brute force attack to discover valid usernames and passwords, which could then be used to establish an unauthorized remote access VPN session. The vulnerability also allows the attacker to establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier).
Affected Devices:
Devices running vulnerable Cisco ASA or FTD Software versions are impacted. This includes those configured for remote access VPN with either local database users or HTTPS management pointing to a valid AAA server.
Attack Vector:
An attacker could exploit this vulnerability by using a default connection profile or tunnel group to either conduct a brute force attack or establish a clientless SSL VPN session.
Attack Feasibility:
Brute Force Attack: Feasible if SSL VPN or IKEv2 VPN is enabled on any interface and the device is configured with user credentials.
Unauthorized SSL VPN Session: Feasible under specific conditions, including the presence of valid user credentials and running Cisco ASA Software Release 9.16 or earlier.
Mitigations:
For Brute Force Attacks: Limit the number of failed login attempts both locally and for external databases.
For Unauthorized VPN Sessions: Use Dynamic Access Policies (DAP) and adjust the vpn-simultaneous-logins setting in group policies to restrict unauthorized access.
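Alongside limiting failed login attempts, defenders will want to spot the brute force activity described above in the ASA logs. The following script is an added example, not part of this advisory or of Cisco's tooling: it parses rejected AAA authentication syslog lines and flags a source IP that fails against several different usernames inside a short window. The log layout and the sample lines are constructed to resemble ASA message IDs 113005/113015 and are an assumption, so adjust the regex to your own export format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed layout, not taken from the advisory):
# one source hammering five different accounts in a few seconds, and one
# source with two isolated failures for the same user.
SAMPLE_LOGS = """\
Apr 12 2024 10:00:01 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = alice : user IP = 203.0.113.10
Apr 12 2024 10:00:03 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = bob : user IP = 203.0.113.10
Apr 12 2024 10:00:04 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = carol : user IP = 203.0.113.10
Apr 12 2024 10:00:05 asa1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = dave : user IP = 203.0.113.10
Apr 12 2024 10:00:09 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = erin : user IP = 203.0.113.10
Apr 12 2024 10:00:30 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = alice : user IP = 198.51.100.7
Apr 12 2024 10:15:00 asa1 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = alice : user IP = 198.51.100.7
"""

# Matches both the external-server (113005) and local-database (113015)
# rejection messages; the trailing fields carry the username and source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ %ASA-\d-(?:113005|113015): "
    r"AAA user authentication Rejected : .*?user = (?P<user>\S+) : user IP = (?P<ip>\S+)$"
)

def parse_rejections(text):
    """Yield (timestamp, source_ip, username) for each rejected AAA auth line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S")
            yield ts, m.group("ip"), m.group("user")

def find_bruteforce(text, window=timedelta(seconds=60), threshold=5, min_users=3):
    """Return {source_ip: (rejections_in_window, sorted_usernames)} for any IP
    with >= threshold rejections inside `window` that span >= min_users distinct
    accounts (the user-enumeration / password-spraying pattern)."""
    events = defaultdict(list)
    for ts, ip, user in parse_rejections(text):
        events[ip].append((ts, user))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        for i in range(len(evs)):
            span = [e for e in evs[i:] if e[0] - evs[i][0] <= window]
            users = {u for _, u in span}
            if len(span) >= threshold and len(users) >= min_users:
                hits[ip] = (len(span), sorted(users))
                break
    return hits
```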
Remediation:
Cisco has released software updates addressing this vulnerability. Users should:
- Consult the Cisco Security Advisories page to check their specific software release against known vulnerabilities.
- Apply the latest software updates or patches provided by Cisco.
- Consider implementing the recommended mitigation strategies to limit the risk of exploitation.
For detailed information and updates, see the Cisco Security Advisory page for this CVE.