CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Oct 4, 2023

CVE-2023-20269

High

EPSS 0.9%CISA KEVRansomware

Cisco/Adaptive Security Appliance and Firepower Threat Defense

Description

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

EPSS — Exploit Probability

0.9%

Higher than 75.1% of all CVEs

Required Action

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC; https://nvd.nist.gov/vuln/detail/CVE-2023-20269

Risk Assessment

HIGH

In CISA KEV

Ransomware

Details

Severity: High
EPSS: 0.9%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Sep 13, 2023

Added to KEV

Sep 13, 2023

Remediation Due

Oct 4, 2023

Affected Product

Cisco

Adaptive Security Appliance and Firepower Threat Defense

View all Cisco CVEs

External Links

NVD (NIST)CVE Details MITRE CVE