Authentication bypass using an alternate path or channel in Cisco Adaptive Security Appliance and Firepower Threat Defense

Published: 2023-09-07 | Updated: 2023-09-08
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-20269
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware applicances

Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU80521

Risk: High


CVE-ID: CVE-2023-20269

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No


The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. A remote user can perform a brute-force attack and establish a clientless SSL VPN session with an unauthorized user.

Note, the vulnerability is being actively exploited in the wild.


Install updates from vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): 6.2.3 -

Cisco Firepower Threat Defense (FTD): 6.2.3 -

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?