CVE-2023-20269

Vulnerability updated 4 months ago (2024-05-04T19:49:23.557Z)
CVE-2023-20269 is a zero-day vulnerability in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that specifically impacts the VPN feature. Ransomware groups have actively exploited it to gain initial access to corporate networks. The exploitation of this vulnerability has been confirmed by both LockBit and the Akira ransomware gang, the latter having already claimed 125 victims since tracking began in April 2023.

Cisco warned that the vulnerability was being actively exploited in ransomware attacks and subsequently issued an alert earlier this month. Rapid7, in its September 7 update, confirmed that "CVE-2023-20269 is being exploited in the wild" and linked it to behaviors it had observed and outlined in its blog post. The Finnish National Cyber Security Centre (NCSC-FI) also issued an advisory about a spike in Akira ransomware incidents towards the end of 2023 that were carried out by exploiting this flaw.

In response to the rising threat, Cisco has urged users to apply the necessary patches. The vulnerability has a CVSS score of 5.0, indicating a medium level of risk. As ransomware groups continue to exploit this flaw for unauthorized network access, organizations are advised to stay vigilant, monitor their network activity closely, and keep all software up to date.
Description last updated: 2024-03-21T22:11:47.510Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Cisco
VPN
Exploit
Vulnerability
Associated Malware
ID | Type | Votes | Profile Description
--- | --- | --- | ---
Akira | Unspecified | 6 | Akira is a malicious software or malware that has been causing significant damage to various organizations and systems worldwide. The ransomware, known for its persistent and harmful attacks, has successfully infiltrated numerous systems, often without the knowledge of the users, disrupting operatio
LockBit | Unspecified | 5 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Source Document References
Information about the CVE-2023-20269 vulnerability was read from the documents corpus below.
Source | Created | Title
--- | --- | ---
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 8 months ago | Medusa and Akira Rage; Tortilla Disrupted #hacking #cybersecurity #infosec #comptia #pentest #ransomware
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Akira ransomware received $42M in ransom payments from over 250 victims
CISA | 5 months ago | #StopRansomware: Akira Ransomware | CISA
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini