Improper Certificate Validation in Cisco Adaptive Security Appliance (ASA) and Cisco Firewall Threat Defense (FTD) - CVE-2023-20247

 

Published: November 2, 2023


Vulnerability identifier: #VU82686
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20247
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Cisco Firewall Threat Defense (FTD)
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass the configured multiple certificate authentication policy for remote access VPN.

The vulnerability exists due to improper error handling during remote access VPN authentication. A remote user can send a specially crafted request and bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile.


Remediation

Install updates from the vendor's website.

External links