CVE-2023-20269: Authentication Bypass Vulnerability in Cisco ASA and FTD Remote Access VPN


Description Preview

A vulnerability exists in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This vulnerability could allow an unauthenticated, remote attacker to conduct brute force attacks to discover valid credentials, or allow an authenticated remote attacker to establish clientless SSL VPN sessions with unauthorized user privileges. The issue stems from improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Overview

The vulnerability (CVE-2023-20269) affects the remote access VPN functionality in Cisco ASA Software and FTD Software. Attackers can exploit this vulnerability by specifying a default connection profile/tunnel group while conducting brute force attacks or when establishing clientless SSL VPN sessions using valid credentials. If successful, attackers could identify valid credentials to establish unauthorized remote access VPN sessions or establish clientless SSL VPN sessions (only when running Cisco ASA Software Release 9.16 or earlier).

It's important to note that this vulnerability does not allow authentication bypass - valid credentials are still required to establish a VPN session, including a valid second factor if multi-factor authentication (MFA) is configured. Additionally, establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups cannot have an IP address pool configured.
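The brute-force pattern described above, a stream of failed remote access VPN logins that all name a built-in default tunnel group rather than an administrator-defined connection profile, is something a defender can look for in ASA syslog. The following is an added detection example, not code from Armis or Cisco; it assumes the built-in group names DefaultRAGroup and DefaultWEBVPNGroup, and the log lines are a constructed, simplified approximation of ASA AAA-result messages (adapt the regex to the exact message text your release emits).

```python
import re
from collections import Counter

# Built-in ASA tunnel groups (assumption: these are Cisco's default names). A
# remote-access login that names one of them instead of a purpose-built
# connection profile is the pattern the advisory describes.
DEFAULT_TUNNEL_GROUPS = {"DefaultRAGroup", "DefaultWEBVPNGroup"}

# Assumption: simplified, constructed rendering of an ASA AAA-result syslog
# line. Real message text differs by release; adapt the regex to your logs.
LINE_RE = re.compile(
    r"Group <(?P<group>[^>]+)> User <(?P<user>[^>]*)> IP <(?P<ip>[\d.]+)> "
    r"Authentication: (?P<result>rejected|successful)"
)

def analyse(lines, threshold=5):
    """Flag source IPs that repeatedly fail authentication against a default
    tunnel group, and any later success from such an IP (a credential the
    spray found). Returns (alerts, success_after_spray)."""
    failures = Counter()      # ip -> rejected attempts against default groups
    tried_users = {}          # ip -> set of usernames tried
    success_after_spray = []  # (ip, user, group) for successes after failures
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["group"] not in DEFAULT_TUNNEL_GROUPS:
            continue          # ignore unparsable lines and named profiles
        ip, user, result = m["ip"], m["user"], m["result"]
        if result == "rejected":
            failures[ip] += 1
            tried_users.setdefault(ip, set()).add(user)
        elif failures[ip] > 0:
            success_after_spray.append((ip, user, m["group"]))
    alerts = {ip: (n, sorted(tried_users[ip]))
              for ip, n in failures.items() if n >= threshold}
    return alerts, success_after_spray

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    f"Group <DefaultWEBVPNGroup> User <{u}> IP <203.0.113.7> "
    "Authentication: rejected, Session Type: WebVPN"
    for u in ("admin", "alice", "bob", "carol", "dave", "erin")
] + [
    "Group <CorpVPN> User <alice> IP <198.51.100.4> Authentication: rejected, Session Type: WebVPN",
    "Group <DefaultWEBVPNGroup> User <bob> IP <203.0.113.7> Authentication: successful, Session Type: WebVPN",
]

if __name__ == "__main__":
    alerts, hits = analyse(SAMPLE_LOG)
    for ip, (n, users) in alerts.items():
        print(f"ALERT {ip}: {n} rejected logins to a default tunnel group, users tried: {users}")
    for ip, user, group in hits:
        print(f"CRITICAL {ip}: successful login as {user} via {group} after failed attempts")
```

The single failure against the named profile CorpVPN is deliberately not counted, so the rule stays focused on the default-group path rather than on ordinary mistyped passwords.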

Remediation

Cisco has released software updates that address this vulnerability. Organizations using affected versions of Cisco ASA Software and FTD Software should apply the appropriate patches as soon as possible. While specific workarounds are mentioned in the advisory, they are not detailed in the CVE description. For detailed remediation steps and workaround information, organizations should refer to the Cisco Security Advisory referenced below.

References

  • Cisco Security Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
  • CWE-863: Incorrect Authorization
  • The vulnerability is tracked as CVE-2023-20269

Early Warning

Armis Early Warning customers received an advanced alert on this vulnerability.

Armis Alert Date: Sep 8, 2023
CISA KEV Date: Sep 13, 2023
5 days early

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Retail Trade
  4. Management of Companies & Enterprises
  5. Educational Services
  6. Finance and Insurance
  7. Other Services (except Public Administration)
  8. Public Administration
  9. Transportation & Warehousing
  10. Accommodation & Food Services
  11. Administrative, Support, Waste Management & Remediation Services
  12. Agriculture, Forestry, Fishing & Hunting
  13. Arts, Entertainment & Recreation
  14. Construction
  15. Information
  16. Mining
  17. Professional, Scientific, & Technical Services
  18. Real Estate Rental & Leasing
  19. Utilities
  20. Wholesale Trade
