Ransomware Groups Reportedly Exploiting Zero-Day in Cisco ASA/FTD (CVE-2023-20269)
On September 6, Cisco published an advisory for a zero-day vulnerability in the Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances.
- CVE-2023-20269: Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability
Previous reports noted that ransomware groups including Akira and LockBit have been targeting Cisco ASA and FTD appliances for months, but it is believed that the groups may have reportedly used this previously undisclosed vulnerability as part of those attacks.
At the time of publishing this community post, there were no patches available for this vulnerability.
For more information about the vulnerability, including Tenable product coverage and for up-to-date information on the availability of patches, please visit our blog.
5 Replies
- drrobbins (Connect Contributor)
I believe this CVE now has patches, at least for some supported devices:
For example, 9.12.4.62 was released to address this issue and is not affected:
However, scans still do not recognize the update and mark a patched ASA as critically vulnerable. Can the plugins be updated? Thanks.
- snarang (Product Team)
Hi @Dustin Robbins,
Thanks for sharing this with me. I will look into this further and get back to you.
Thanks,
Satnam
- snarang (Product Team)
Hello again @Dustin Robbins,
I believe a new plugin was released today for this advisory:
https://www.tenable.com/plugins/nessus/182523
Thank you again for bringing this to my attention. Please let me know if you have any further questions.
Regards,
Satnam
- drrobbins (Connect Contributor)
Thanks. It appears there may be a false negative in the current plugin when it comes to showing the vulnerability on a firewall that is sitting on the initial release of ASA 9.12.4 (i.e., just "9.12(4)" with no minor release number at the end: 9.12(4)x).
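
The version edge case raised in the last reply, as an added example that is not part of the thread and not the plugin's own logic: a Python check that treats a base release such as "9.12(4)" as interim build 0 so it still compares as older than the fixed release. It assumes every 9.12 build earlier than 9.12.4.62 (the fixed release named in the thread) is affected; the function names are hypothetical.

```python
import re

# Assumption: the only fixed release taken from the thread is 9.12.4.62
# (ASA 9.12 train). Other trains are not evaluated by this example.
FIXED_9_12 = (9, 12, 4, 62)

# Accepts Cisco notation "9.12(4)62" / "9.12(4)" and dotted "9.12.4.62" / "9.12.4".
_PAREN = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(\d+)?$")
_DOTTED = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim); a missing interim is 0."""
    text = text.strip()
    m = _PAREN.match(text) or _DOTTED.match(text)
    if m is None:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, maint, interim = m.groups()
    # The base release "9.12(4)" has no interim number; treating it as
    # interim 0 keeps it ordered before every 9.12(4)x build.
    return (int(major), int(minor), int(maint), int(interim or 0))


def is_vulnerable_9_12(text):
    """True if a 9.12-train version is older than the fixed release.

    Returns None for other trains, which this example does not evaluate.
    """
    version = parse_asa_version(text)
    if version[:2] != FIXED_9_12[:2]:
        return None
    return version < FIXED_9_12


if __name__ == "__main__":
    # Constructed sample inputs, not scan output.
    for sample in ["9.12(4)", "9.12(4)58", "9.12(4)62", "9.12.4.62", "9.12(4)65"]:
        print(sample, "->", is_vulnerable_9_12(sample))
```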