Vulnslist

find the latest Cisco vulnerabilities

CVE-2023-20247

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile.

SeverityMEDIUM
CVSS5.0
CWECWE-288
KEV
Published
Modified

Related Products

Product Advisory Evidence
Cisco Secure Firewall Threat Defense Virtual cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Secure Firewall Threat Defense (FTD) Software cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Secure Firewall 3100 Series cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Firepower 9000 Series cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Firepower 4100 Series cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Firepower 2100 Series cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Firepower 1000 Series cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Adaptive Security Virtual Appliance (ASAv) cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco ASA 5500-X Series Firewalls cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln
Cisco 3000 Series Industrial Security Appliances (ISA) cisco-sa-asaftd-multi-cert-dzA3h5PT Cisco OpenVuln