
CVE-2023-20269 - AnyConnect

Hello All, 

Can anyone tell me if there is any update regarding a patch for AnyConnect CVE-2023-20269?

Thanks in advance!

 

5 Replies

@IbrahimElbagouri57340 what software are you using, ASA or FTD? There is a hotfix for FTD 7.0.6 and 7.2.5.

You can run the advisory tool and check whether your software version is affected by this advisory. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC

 

Thanks for the info,

we are using:

asa9-14-4-14

asdm-7181-152

We have Cisco ASA, not FTD. From the link you shared, it is not affected, correct?

How can we check that?

Thanks!

@IbrahimElbagouri57340 the checker is built into that link I provided; you put your ASA version into the checker.


It looks like your software is affected and you need to upgrade.


 

 

@Rob Ingram for our ASA 5525-X I see the list image on software center is "asa9-14-4-23-" and based on the checker the solution for this AnyConnect vulnerability is 9.16.4.39. Do you know how we can get a solution for that, or is there any patch file that can be used in this case?

Thanks in advance! 

@IbrahimElbagouri57340 no, there are no more bug fixes for that hardware, so you will be unable to patch.

You will need to replace the hardware with the new Firepower 1000 or 2000 series hardware, which does support the latest ASA software versions.