URL: https://www.helpnetsecurity.com/2023/09/08/cve-2023-20269/

Zeljka Zorz, Editor-in-Chief, Help Net Security
September 8, 2023


UNPATCHED CISCO ASA FLAW EXPLOITED BY ATTACKERS (CVE-2023-20269)



A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and
Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers
to gain access to vulnerable internet-exposed devices.

“This vulnerability was found during the resolution of a Cisco TAC support
case,” the company noted in a recently published security advisory, and thanked
Rapid7 for reporting attempted exploitation of this vulnerability.


ABOUT CVE-2023-20269

CVE-2023-20269 affects the remote access VPN feature of Cisco ASA and FTD
solutions.

It may allow:

 * An unauthenticated, remote attacker to conduct a brute force attack to
   identify valid username and password combinations that can be used to
   establish an unauthorized remote access VPN session, or
 * An authenticated, remote attacker to establish a clientless SSL VPN session
   with an unauthorized user (but only when running Cisco ASA Software Release
   9.16 or earlier)

Both scenarios depend on the device configuration meeting specific preconditions, which the advisory spells out.

“This vulnerability is due to improper separation of authentication,
authorization, and accounting (AAA) between the remote access VPN feature and
the HTTPS management and site-to-site VPN features,” Cisco explained.

“An attacker could exploit this vulnerability by specifying a default connection
profile/tunnel group while conducting a brute force attack or while establishing
a clientless SSL VPN session using valid credentials.”

But the company made sure to note that the flaw does not allow attackers to
bypass authentication. “To successfully establish a remote access VPN session,
valid credentials are required, including a valid second factor if multi-factor
authentication (MFA) is configured.”


EXPLOITATION

While it works on a fix, Cisco has published mitigation steps, indicators of
compromise that may point to successful exploitation, and recommendations for
admins.

Caitlin Condon, head of vulnerability research at Rapid7, says that
CVE-2023-20269 makes brute force attacks easier to conduct, and that brute
forcing was one of the techniques the company observed in recent ransomware
attacks against enterprises; those intrusions started with brute-force attacks
against Cisco ASAs that either had no multi-factor authentication (MFA)
configured or were not enforcing it.
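Cisco points admins to authentication log messages as indicators, and Rapid7 describes intrusions that began with brute force against ASAs. The detector below is an added example written for this article, not Cisco's or Rapid7's code. It parses constructed ASA syslog lines in the standard 716038/716039 (WebVPN authentication outcome) and 113005/113015 (AAA reject) message formats, assumes a collector that prefixes each line with an ISO 8601 timestamp and hostname, flags any login that names a default connection profile of the HTTPS management or site-to-site VPN feature (DefaultADMINGroup and DefaultL2LGroup, names taken from standard ASA configuration rather than from the article), counts rejects per source address in a sliding window, and raises a separate finding when a source that has been failing suddenly succeeds, which is the outcome that matters here because the flaw never bypasses authentication.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Default connection profiles (tunnel groups) of the HTTPS management and
# site-to-site VPN features. The advisory describes CVE-2023-20269 as an AAA
# separation problem between those features and remote access VPN, so a
# remote access login that names one of these groups is itself suspicious.
# Assumption: names from standard ASA configuration, not from the article.
DEFAULT_GROUPS = {"DefaultADMINGroup", "DefaultL2LGroup"}

# WebVPN authentication outcome (syslog IDs 716038/716039), standard ASA format.
RE_WEBVPN = re.compile(
    r"%ASA-6-7160(?P<id>38|39): Group <(?P<group>[^>]+)> User <(?P<user>[^>]+)> "
    r"IP <(?P<ip>[^>]+)> Authentication: (?P<outcome>successful|rejected)"
)
# AAA rejects: 113005 (invalid password), 113015 (user not found), standard ASA format.
RE_AAA = re.compile(
    r"%ASA-6-1130(?P<id>05|15): AAA user authentication Rejected : "
    r"reason = (?P<reason>.+?) : (?:.*?: )?user = (?P<user>\S+) : user IP = (?P<ip>\S+)"
)


def parse_event(line):
    """Parse one collector-stamped ASA syslog line into an event dict, or None."""
    ts_text, _, _ = line.partition(" ")  # assumption: collector prefixes ISO 8601 time
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    m = RE_WEBVPN.search(line)
    if m:
        return {"ts": ts, "id": "7160" + m["id"], "outcome": m["outcome"],
                "group": m["group"], "user": m["user"], "ip": m["ip"]}
    m = RE_AAA.search(line)
    if m:
        return {"ts": ts, "id": "1130" + m["id"], "outcome": "rejected",
                "group": None, "user": m["user"], "ip": m["ip"], "reason": m["reason"]}
    return None


def analyze(lines, window=timedelta(minutes=5), threshold=10, success_after=5):
    """Return findings: default-group logins, per-IP brute force, success after failures."""
    findings = []
    recent_failures = defaultdict(deque)  # ip -> reject timestamps inside the window
    flagged_brute = set()
    for ev in filter(None, map(parse_event, lines)):
        if ev["group"] in DEFAULT_GROUPS:
            findings.append({"type": "default_group_auth", "ip": ev["ip"],
                             "group": ev["group"], "outcome": ev["outcome"]})
        fails = recent_failures[ev["ip"]]
        while fails and ev["ts"] - fails[0] > window:
            fails.popleft()
        if ev["outcome"] == "rejected":
            fails.append(ev["ts"])
            if len(fails) >= threshold and ev["ip"] not in flagged_brute:
                flagged_brute.add(ev["ip"])
                findings.append({"type": "brute_force", "ip": ev["ip"], "count": len(fails)})
        elif len(fails) >= success_after:
            # A source that was guessing just got in: valid credentials were found,
            # which is the only way this flaw yields a VPN session.
            findings.append({"type": "success_after_failures", "ip": ev["ip"],
                             "user": ev["user"], "failures": len(fails)})
    return findings


# Constructed sample log lines (not real traffic). One legitimate user mistypes
# once, then one source guesses twelve times against the management default
# group within two minutes and finally succeeds.
SAMPLE_LOGS = [
    "2023-09-08T10:00:00Z fw01 %ASA-6-716039: Group <RA-Users> User <alice> IP <203.0.113.10> Authentication: rejected, Session Type: WebVPN.",
    "2023-09-08T10:00:20Z fw01 %ASA-6-716038: Group <RA-Users> User <alice> IP <203.0.113.10> Authentication: successful, Session Type: WebVPN.",
]
SAMPLE_LOGS += [
    f"2023-09-08T10:01:{i * 10:02d}Z fw01 %ASA-6-716039: Group <DefaultADMINGroup> User <user{i}> IP <198.51.100.7> Authentication: rejected, Session Type: WebVPN."
    for i in range(6)
] + [
    f"2023-09-08T10:02:{i * 10:02d}Z fw01 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = ***** : user IP = 198.51.100.7"
    for i in range(3)
] + [
    f"2023-09-08T10:02:{30 + i * 10:02d}Z fw01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = ***** : user IP = 198.51.100.7"
    for i in range(3)
]
SAMPLE_LOGS.append("2023-09-08T10:03:00Z fw01 %ASA-6-716038: Group <DefaultADMINGroup> User <jdoe> IP <198.51.100.7> Authentication: successful, Session Type: WebVPN.")

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(finding)
```

Feed `analyze()` the lines of an exported syslog file and tune `threshold` and `window` to the site's normal failure rate; the `default_group_auth` findings need no tuning, since remote access users authenticate against named connection profiles and should never appear under the management or site-to-site defaults at all.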

“Cisco didn’t cite specific IPs or attribution information for the vulnerability
in their advisory. They talked about attacker behavior a bit, but many attackers
could have the same behavior. It’s not possible to discern whether there’s
specific attacker overlap without more information,” she told Help Net Security.

“As we noted in our original blog on this, Rapid7 observed a number of different
techniques being used, and a number of different payloads, including Akira and
LockBit ransomware. Those attacks were all different. I’d reject the premise
that there’s a single attacker or a set group of attackers.”



