First published: Wed Nov 01 2023
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance Software | >=9.18.1 <=9.18.3.46 | |
| Cisco Adaptive Security Appliance Software | >=9.19.1.5 <=9.19.1.12 | |
| Cisco Firepower Threat Defense | =7.2.4 | |
The severity of CVE-2023-20264 is medium (6.1).
The vulnerability in CVE-2023-20264 is a security flaw in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN.
The Cisco Adaptive Security Appliance (ASA) Software versions 9.18.1 - 9.18.3 and 9.19.1.5 - 9.19.1.12, as well as Cisco Firepower Threat Defense (FTD) Software version 7.2.4, are affected by CVE-2023-20264.
An unauthenticated, remote attacker can intercept a user's SAML assertion and replay it to establish a remote access VPN session with that user's identity and permissions, gaining unauthorized access to the protected network.
Apply the relevant security patches provided by Cisco to fix CVE-2023-20264.
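The advisory attributes the flaw to insufficient validation of the login URL: a user lured to an attacker-controlled site can have the SAML login flow pointed somewhere other than the VPN headend, so the assertion ends up where the attacker can read it. The following added example (not Cisco's code, and not taken from this page) shows the kind of allowlist check a SAML service provider needs before honouring a caller-supplied login or redirect URL. The hostname `vpn.example.com` and the `/login` path are placeholders; the checks for scheme, userinfo (`user@host`) tricks, lookalike subdomains and non-default ports are the edge cases a reviewer would want covered.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the FQDN(s) the VPN headend itself is reachable at.
# Placeholder values for this example; a real deployment would use the
# headend's configured hostname(s).
ALLOWED_LOGIN_HOSTS = frozenset({"vpn.example.com"})
DEFAULT_LOGIN_URL = "https://vpn.example.com/login"  # placeholder path


def is_trusted_login_url(url, allowed_hosts=ALLOWED_LOGIN_HOSTS):
    """Accept only an https URL whose host is exactly one of the allowed FQDNs."""
    try:
        parts = urlsplit(url)
        host = parts.hostname   # lower-cased; userinfo and port already stripped
        port = parts.port       # raises ValueError for a non-numeric port
    except ValueError:
        return False
    if parts.scheme.lower() != "https":
        return False            # scheme-relative, http: and javascript: URLs all fail
    if host is None or host not in allowed_hosts:
        return False            # "vpn.example.com@evil.test" parses to host evil.test;
                                # "vpn.example.com.evil.test" is not an exact match
    if port not in (None, 443):
        return False            # an explicit non-default port is not the headend
    return True


def resolve_login_url(requested, default=DEFAULT_LOGIN_URL):
    """Use the requested login URL only if it passes the allowlist; else fall back."""
    return requested if is_trusted_login_url(requested) else default


if __name__ == "__main__":
    # Constructed sample inputs: one benign request and several shapes an
    # attacker-controlled page could try to inject.
    samples = [
        "https://vpn.example.com/login",
        "HTTPS://VPN.EXAMPLE.COM:443/login",
        "http://vpn.example.com/login",
        "https://vpn.example.com@attacker.example/login",
        "https://vpn.example.com.attacker.example/login",
        "https://vpn.example.com:8443/login",
        "//vpn.example.com/login",
    ]
    for s in samples:
        print(f"{'TRUSTED ' if is_trusted_login_url(s) else 'REJECTED'} {s}")
```

Exact host matching against the headend's own FQDN is the point: suffix or substring matching, or trusting a host that merely appears somewhere in the URL, is exactly what lets a modified login URL pass. The same check belongs on any relay-state or return-URL parameter the SSO flow accepts from the browser.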