Severity
4.3 MEDIUM
EPSS
0.1%
top 76.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 12
Description
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacke…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.3 | Impact: 1.4
Affected Packages: 4 packages
Vulnerability Details (3)
CVEList: CVE-2023-20275: A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Softwar (2023-12-12)
GHSA: GHSA-6q64-g7xj-vc8f: A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Softwar (2023-12-12)
GHSA: XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector (2023-04-20)
Vendor Advisories (1)
Cisco: Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability (2023-12-05)