Vulnerability details
Vulnerable component: Cisco Adaptive Security Appliance (ASA)
CVE-ID: CVE-2023-20269
CVSSv3 score: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N/E:H/RL:O/RC:C
CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Description:
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. A remote user can perform a brute-force attack and establish a clientless SSL VPN session with an unauthorized user.
Note, the vulnerability is being actively exploited in the wild.