CVE-2023-20269

CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of this vulnerability has been confirmed by both LockBit and the Akira ransomware gang, the latter having already claimed 125 victims since tracking began in April 2023. The Finnish National Cyber Security Centre (NCSC-FI) also issued an advisory regarding a spike in Akira ransomware incidents towards the end of 2023, which were carried out by exploiting this security flaw. The vulnerability, CVE-2023-20269, specifically impacts the VPN feature of Cisco’s ASA and FTD software. The company warned about this vulnerability being actively exploited in ransomware attacks, following which it issued an alert earlier this month. Rapid7, in its September 7 update, confirmed that "CVE-2023-20269 is being exploited in the wild" and linked it to certain behaviors they had observed and outlined in their blog post. In response to the rising threat, Cisco has urged users to apply necessary patches to mitigate the risk associated with this vulnerability. The severity of the issue is underscored by its CVSS score of 5.0, indicating a medium level of risk. As ransomware groups continue to exploit this zero-day flaw for unauthorized network access, organizations are advised to stay vigilant, monitor their network activities closely, and ensure all software is up-to-date.