A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software that could allow for unauthorized access. Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors for any distributed network environment. Cisco Firepower Threat Defense (FTD) Software is an integrative software image combining CISCO ASA and Firepower feature into one hardware and software inclusive system to assist in flagging specific network traffic patterns, create alerts and better control your network. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. Utilizing the brute force attack to obtain valid credentials, an attacker could use this to establish unauthorized VPN sessions and then install ransomware.
