The US security agency CISA has added an old flaw affecting Cisco security appliances to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to address it as soon as possible.
The vulnerability, tracked as CVE-2020-3259, affects Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. It can be exploited by a remote, unauthenticated attacker to obtain potentially sensitive information from an affected device’s memory, including access credentials.
The vulnerability can be exploited against devices that have the Anyconnect SSL VPN feature enabled.
The flaw was patched by Cisco in 2020, but it recently started making headlines after cybersecurity firm Truesec found evidence suggesting that it has been exploited by the Akira ransomware group.
“An analysis of the eight latest incident response missions conducted by Truesec, where Akira ransomware had been deployed, and the Cisco Anyconnect SSL VPN was confirmed as the entry point, showed that at least six of the compromised devices were running different versions of the vulnerable software,” Truesec said in late January.
CISA has now added CVE-2020-3259 to its KEV catalog, noting that it has been exploited in ransomware attacks.
The agency has instructed government agencies to address the vulnerability by March 7, but all organizations are strongly urged to ensure their systems cannot be penetrated via this vulnerability.
Cisco has yet to update its advisory to mention in-the-wild exploitation.
Related: CISA Warns of Roundcube Webmail Vulnerability Exploitation
Related: CISA Warns of Apache Superset Vulnerability Exploitation
Related: Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware