This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical alert regarding a security flaw affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices. The vulnerability tracked as CVE-2020-3259, has been added to CISA’s Known Exploited Vulnerabilities catalog.
The Details
- Vulnerability: CVE-2020-3259
- Severity: High (CVSS score: 7.5)
- Description: An information disclosure issue resides in the web services interface of ASA and FTD.
- Fix: Cisco addressed the flaw in May 2020.
Ransomware Campaigns
The vulnerability has been exploited in ransomware campaigns, but CISA has not disclosed the specific ransomware groups involved.
Akira Ransomware Group
In January, cybersecurity firm Truesec reported that the Akira ransomware group actively exploited CVE-2020-3259. Truesec’s CSIRT team discovered forensic evidence pointing to ongoing attacks targeting Cisco ASA and FTD appliances.
How It Works
An attacker can trigger the vulnerability to extract sensitive data from the memory of affected devices, including usernames and passwords.
Entry Point
Truesec’s analysis of eight incidents revealed that the flaw in Cisco Anyconnect SSL VPN served as the entry point for at least six compromised devices.
“When the vulnerability was made public in 2020, no known public exploits were available. However, there are now indications that this vulnerability might be actively exploited,” continues the report.
Akira Ransomware Group Strikes: A Menace to Organizations Worldwide
The notorious Akira ransomware group has been wreaking havoc since March 2023, leaving a trail of compromised organizations across various sectors, including education, finance, and real estate. Their audacious claims of infiltrating multiple networks have sent shockwaves through the cybersecurity community.
Like their ransomware counterparts, the Akira gang has devised a potent Linux encryptor specifically tailored to target VMware ESXi servers. Their sophisticated techniques have made them a formidable adversary, exploiting vulnerabilities with precision.
Known Vulnerability: CVE-2020-3259
The vulnerability in question, CVE-2020-3259, resides in the web services interface of Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices. Although Cisco addressed this flaw in May 2020, the Akira group relentlessly exploits it.
Government Response
Binding Operational Directive (BOD) 22-01, aptly named “Reducing the Significant Risk of Known Exploited Vulnerabilities,” mandates that federal agencies take swift action. They must address identified vulnerabilities by the specified due date to fortify their networks against malicious attacks stemming from the flaws listed in the catalog.
Private Sector Alert
Security experts emphasize that private organizations should also scrutinize the catalog and promptly rectify any vulnerabilities within their infrastructure. Vigilance is paramount to thwarting cyber threats.
The clock is ticking: CISA has ordered federal agencies to patch the CVE-2020-3259 vulnerability by March 7, 2024. The stakes are high, and the battle against cyber adversaries intensifies.
