Will the patch be released? Cisco warns about actively exploited 0-day.

Carding

Extortionists have come to love the company's products for their ease of compromising corporate networks.

Cisco warns about the zero-day vulnerability CVE-2023-20269 in its Adaptive Security Appliance (Cisco ASA) and Firepower Threat Defense (Cisco FTD) products. This vulnerability of moderate severity (5 out of 10 points on the CVSS scale) is actively used during ransomware operations to gain initial access to corporate networks.

The vulnerability affects the VPN function of both products and allows unauthorized remote attackers to mount brute-force attacks against existing accounts. This can lead to the creation of a clientless SSL VPN session in the compromised corporate network, the consequences of which depend on the victim's network configuration.

Last month, we reported that the Akira ransomware gang has been penetrating the corporate networks of a wide variety of organizations, mainly through Cisco VPN devices. SentinelOne researchers then even suggested that this could be due to an unknown vulnerability. A week later, Rapid7 reported that the LockBit ransomware operation also exploited an undocumented security issue in Cisco VPN devices.

This week, Cisco confirmed the existence of a 0-day vulnerability exploited by these ransomware groups and provided interim guidance in a security advisory. However, security updates for the affected products have not yet been released.

Vulnerability CVE-2023-20269 originates in the web interface of Cisco ASA and Cisco FTD devices, namely in the functions responsible for authentication, authorization and accounting (AAA). The flaw arises from insufficient separation between these functions and other software components, which is what makes the attack possible.

For a successful attack, a Cisco device must meet certain conditions, including the presence of at least one user with a configured password and activated SSL VPN or IKEv2 VPN on at least one interface.

System administrators are advised to take a number of actions until a security update that addresses the CVE-2023-20269 vulnerability is released. These recommendations include the use of multi-factor authentication (MFA), which greatly reduces the risk of hacking, since authentication data alone is no longer enough to establish a VPN connection.
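The brute-force activity described above leaves a trail in ASA syslog: repeated AAA rejections from one source IP across several user names, followed by a WebVPN session start from that same IP. The following script is an added example (not from the original post or from Cisco) that flags such sources; the log lines are constructed, and the message formats for IDs 113005 and 716001 are assumed from general ASA logging knowledge, so adjust the regexes to your own device's output.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the style of Cisco ASA AAA/WebVPN messages.
# The 113005 (AAA rejected) and 716001 (WebVPN session started) formats are an
# assumption for this example; users, groups and IPs are made up.
SAMPLE_LOGS = """\
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 203.0.113.7
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 203.0.113.7
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = bob : user IP = 203.0.113.7
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = carol : user IP = 203.0.113.7
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = dave : user IP = 203.0.113.7
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = erin : user IP = 203.0.113.7
%ASA-6-716001: Group <DefaultWEBVPNGroup> User <erin> IP <203.0.113.7> WebVPN session started.
%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 198.51.100.9
"""

REJECT_RE = re.compile(r"%ASA-\d-113005: .*user = (?P<user>\S+) : user IP = (?P<ip>\S+)")
SESSION_RE = re.compile(r"%ASA-\d-716001: Group <(?P<group>[^>]+)> User <(?P<user>[^>]+)> IP <(?P<ip>[^>]+)> WebVPN session started")

def analyse(log_text, threshold=5):
    """Group AAA rejections and WebVPN session starts by source IP and return
    only the IPs whose rejection count reaches `threshold` (likely brute force)."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "sessions": []})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            s = stats[m["ip"]]
            s["failures"] += 1
            s["users"].add(m["user"])   # many distinct users from one IP = spraying
            continue
        m = SESSION_RE.search(line)
        if m:  # a session after a burst of failures is the sign the guess succeeded
            stats[m["ip"]]["sessions"].append((m["user"], m["group"]))
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold}

if __name__ == "__main__":
    for ip, s in analyse(SAMPLE_LOGS).items():
        print(f"{ip}: {s['failures']} rejections, users={sorted(s['users'])}, sessions={s['sessions']}")
```

A source that reaches the threshold and then obtains a session is the case worth paging on; a source with many failures and no session still warrants blocking at the edge.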

This incident serves as a reminder that even reliable and generally accepted software and hardware solutions can contain vulnerabilities that can take a long time to resolve. A well-known brand does not provide one hundred percent protection against compromise, and a comprehensive approach is important in ensuring truly unassailable cyber defense.