Cisco ASA/FTD SAML SSO URL Validation Flaw
CVE-2023-20264 Published on November 1, 2023

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network.

NVD

Vulnerability Analysis

CVE-2023-20264 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is an Open Redirect Vulnerability?

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

CVE-2023-20264 has been classified to as an Open Redirect vulnerability or weakness.

Products Associated with CVE-2023-20264

stack.watch emails you whenever new vulnerabilities are published in Cisco Adaptive Security Appliance Software or Cisco Firepower Threat Defense. Just hit a watch button to start following.

Cisco Adaptive Security Appliance Software

Cisco Firepower Threat Defense

Affected Versions

Cisco Adaptive Security Appliance (ASA) Software:

Version 9.18.1 is affected.
Version 9.18.1.3 is affected.
Version 9.18.2 is affected.
Version 9.18.2.5 is affected.
Version 9.18.2.7 is affected.
Version 9.18.2.8 is affected.
Version 9.18.3 is affected.
Version 9.18.3.39 is affected.
Version 9.18.3.46 is affected.
Version 9.19.1.5 is affected.
Version 9.19.1.9 is affected.
Version 9.19.1.12 is affected.

Cisco Firepower Threat Defense Software:

Version 7.2.4 is affected.

Exploit Probability

EPSS

0.07%

Percentile

21.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.