Akira ransomware gang is exploiting old Cisco ASA/FTD CVE-2020-3259
Take action: Cisco ASA and Firepower Threat Defense are very often exposed on the internet. So consider yourself a target if you are running either of them, and start patching immediately. Or maybe you have already been hacked?
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an older security flaw in Cisco's security software that has reportedly been exploited in ransomware campaigns.
The flaw, tracked as CVE-2020-3259 (CVSS score 7.5), is an information disclosure vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. It allows unauthorized remote attackers to access sensitive information from the memory of affected devices, potentially including login credentials. The vulnerability is particularly dangerous when the AnyConnect SSL VPN feature is enabled on the devices.
Initially patched by Cisco in May 2020, the vulnerability is being exploited by the Akira ransomware group, as identified by cybersecurity firm Truesec. Per their analysis, Cisco AnyConnect SSL VPN was used as an entry point in several incidents where Akira ransomware was deployed. Truesec's findings show that at least six of the compromised devices were running vulnerable versions of the software, highlighting the critical need for organizations to apply the necessary patches.
CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies remediate the issue by March 7, 2024. All organizations using affected Cisco products are strongly advised to ensure they are not vulnerable to attacks exploiting this flaw.