Zero-Day vulnerability opens Cisco asa to attacks

Cisco has confirmed a zero-day vulnerability is allowing attackers to infiltrate company networks and deploy the Akira ransomware, among other ransomwares.


Attacks since march 2023

Analysts have reported that attacks have been on-going since March 2023, but only recently was discovered.


11 affected so far

At least 11 companies have been affected by this vulnerability, with an untold number of other companies not yet reporting any attacks.  Either they don’t know or they are not reporting it yet.

News > Cyber-Attacks > Ransomware
by Kevin Wood

Hackers abusing cisco security appliances to infiltrate networks



reports by rapid7 advised of brute-forces attacks

Last week, we posted an article about Cisco appliances being attacked by hackers in order to deploy the Akira ransomware.  By using brute-force techniques, they were able to hack into networks across the world, deploy their ransomware and then demand payments from companies otherwise they run the risk of their data being sold on the dark web.  Attackers also used a technique called, “Password Spraying”, where they try commonly used passwords and usernames in an attempt to gain access to systems that were poorly configured with default usernames and passwords.

In a new report by Cisco, they have now confirmed an unpatched zero-day vulnerability on it’s “Adaptive Security Appliance Software”, also known as ASA, and it’s “Firepower Threat Defense”, also known as FTD, platforms that hackers are using in order to gain access to networks.  

“An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials,” Cisco officials wrote in an advisory.

The Adaptive Security Appliance is considered an “all-in-one” security solution as it comes with a firewall, antivirus, VPN, and intrusion prevention.  The Firepower Threat Defense is effectively an add-on for the ASA, taking advantage of it’s capabilities with a more in-depth management console including advanced features.

The vulnerability, which is being tracked as CVE-2023-20269, comes from the way the device improperly separate the authorization, authentication and accounting of remote access in the VPN feature-set.  Currently, it’s rated at 5.0 out of a possible 10.0.

Attacks have been on-going since March 2023 and has affected at least 11 customers – but those are only the one’s that were contacted by security research firm Rapid7.  The total number of affected companies is still unknown.

As we’ve said many times, it’s important to ensure that your IT environment is secure and properly configured.  Something like a default username and password for a network device can leave your company wide open to attacks.

If you’re looking for a 3rd party security review of your IT environment, contact our Tech Team to schedule a meeting to discuss how we can help ensure your company is setup for success, and not left open to attack.  Our Tech Team has decades of years of experience and can take a complete inventory of your IT environment, review any audit reports and pen testing, and make recommendations on items to fix and how to fix them.

Click the “Contact Us Today” button below to get started!


  • Contact us today to start the conversation regarding your IT environment.
  • With decades of years of experience, we can help you ensure that your devices are properly configured, aren’t wide open to security threats, and are setup to stay up to date with the latest features.
  • Contact our Tech Support Team today.  Our team will be happy to investigate what you currently have and make recommendations on what to change, and why.
  • Contact us today!