逸耘居, 2023-09-08


Cisco Warns of Ransomware Operations Exploiting Zero-Day Vulnerability

By 罗伯特·安德鲁

September 8, 2023

Cisco has issued a warning about a zero-day vulnerability, tracked as CVE-2023-20269, in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) systems. The vulnerability is being actively exploited by ransomware operations seeking initial access to corporate networks. The medium-severity flaw affects the VPN feature of these Cisco systems and enables unauthorized remote attackers to carry out brute-force attacks against existing accounts.

By gaining access to these accounts, attackers can establish a clientless SSL VPN session within the compromised network, potentially leading to various consequences depending on the victim’s network configuration. Previous reports indicated that ransomware gangs, such as Akira and Lockbit, were targeting corporate networks primarily through Cisco VPN devices, potentially leveraging an unknown vulnerability.

The flaw, located within the web services interface of Cisco ASA and Cisco FTD devices, specifically impacts authentication, authorization, and accounting (AAA) functions. Improper separation of these AAA functions from other software features allows attackers to send authentication requests to the web services interface, compromising authorization components. The flaw enables unlimited brute force attempts on credentials without any rate limitation or blocking mechanism.
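Because the flaw permits unlimited credential guesses with no blocking, the device's own AAA rejection messages are where the activity shows up. The sketch below is an added example, not code from the article or from Cisco: it scans ASA syslog for rejected-authentication messages (IDs 113005 and 113015) and flags source addresses that exceed a failure threshold inside a sliding window. The log lines, addresses, threshold and window are constructed for illustration, and the timestamp layout assumes `logging timestamp` is enabled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 113015 = rejected against the LOCAL database, 113005 = rejected by an AAA server.
REJECT = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-6-(?:113005|113015): "
    r"AAA user authentication Rejected\s*: reason = .*?"
    r"user = (?P<user>\S+)\s*: user IP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: {"failures": n, "users": set}} for each source that
    reached `threshold` rejected logins inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    totals = defaultdict(lambda: {"failures": 0, "users": set()})
    flagged = set()
    for line in lines:
        m = REJECT.match(line.strip())
        if not m:
            continue  # not a rejected-authentication message
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        totals[m["ip"]]["failures"] += 1
        totals[m["ip"]]["users"].add(m["user"])  # many users = spraying
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return {ip: totals[ip] for ip in flagged}

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Sep 08 2023 10:15:01: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin : user IP = 203.0.113.7
Sep 08 2023 10:15:02: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin : user IP = 203.0.113.7
Sep 08 2023 10:15:03: %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = ***** : user IP = 203.0.113.7
Sep 08 2023 10:15:04: %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 203.0.113.7
Sep 08 2023 10:15:05: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin : user IP = 203.0.113.7
Sep 08 2023 10:16:30: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = jdoe : user IP = 198.51.100.20
Sep 08 2023 10:22:00: %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = jdoe : user IP = 198.51.100.20
Sep 08 2023 10:22:40: %ASA-6-113004: AAA user authentication Successful : server = 192.0.2.10 : user = jdoe
""".splitlines()

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info["failures"], "failures, users:", sorted(info["users"]))
```

A source that cycles through several usernames, as 203.0.113.7 does in the sample, points to password spraying rather than one user mistyping a password.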

While Cisco has confirmed the existence of this zero-day vulnerability and provided workarounds in an interim security bulletin, official security updates for affected products have not been released. In the meantime, system administrators are advised to mitigate the flaw by implementing measures such as using Dynamic Access Policies (DAP) to halt VPN tunnels with specific group policies, adjusting access settings in the Default Group Policy, and applying restrictions to the LOCAL user database. Cisco also recommends securing Default Remote Access VPN profiles and enabling multi-factor authentication (MFA) to minimize the risk of successful attacks.

(Source: Cisco Advisory)

Definitions:
– Cisco Adaptive Security Appliance (ASA): A security device that combines firewall, VPN, and intrusion prevention capabilities.
– Cisco Firepower Threat Defense (FTD): A unified software image that combines firewall, VPN, and intrusion prevention features.
– Zero-day vulnerability: A software vulnerability that is unknown to the vendor or developer, providing an opportunity for attackers to exploit it before a patch or update is released.
– Ransomware: A type of malicious software that encrypts a victim’s data and demands a ransom to restore access to it.
– VPN (Virtual Private Network): A network technology that allows secure communication between remote networks or devices over a public network, such as the internet.
– SSL VPN (Secure Sockets Layer Virtual Private Network): An encrypted VPN technology that provides secure remote access to network resources.
– AAA (Authentication, Authorization, and Accounting): A framework for controlling and managing access to computer systems and network resources, involving authentication of users, authorization of their access rights, and recording their activities.

Note: This article does not contain the original source URL.
