February 16, 2024 at 06:57AM
The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence suggesting exploitation by the Akira ransomware group emerged. Cisco is advised to update its advisory accordingly.
Key takeaways:
1. The US security agency CISA has added the old flaw CVE-2020-3259 affecting Cisco security appliances to its Known Exploited Vulnerabilities (KEV) catalog.
2. This vulnerability affects Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products and can be exploited by a remote, unauthenticated attacker to obtain potentially sensitive information, including access credentials.
3. Exploitation of the vulnerability has been observed in ransomware attacks by the Akira ransomware group, making headlines recently.
4. Truesec found evidence suggesting that at least six compromised devices were running different versions of the vulnerable software.
5. CISA has instructed government agencies to address the vulnerability by March 7, and all organizations are strongly urged to ensure their systems cannot be penetrated via this vulnerability.
6. Cisco has not yet updated its advisory to mention in-the-wild exploitation.
7. Additionally, CISA has warned of other related vulnerabilities, including ones in Roundcube Webmail and Apache Superset.