# Akira's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to Akira ransomware deployment or data exfiltration and leaks published to Akira's Tor Site

### `Cisco`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ASA & FTD | CVE-2023-20269 | Akira | [cisco.com](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs) |
| ASA & FTD |  CVE-2023-20263 | Akira | [blog.talosintelligence.com](https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/)|
| ASA & FTD | CVE-2020-3259 | Akira | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a) |

### `Fortinet`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS | CVE-2022-40684 | Akira | [stairwell.com](https://stairwell.com/resources/akira-pulling-on-the-chains-of-ransomware/) |
| FortiOS | CVE-2019-6693 | Akira | [stairwell.com](https://stairwell.com/resources/akira-pulling-on-the-chains-of-ransomware/) |
| FortiClient | CVE-2023-48788 | Akira | [blog.talosintelligence.com](https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/)|

### `SonicWall`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
|  SonicOS SSL-VPN | CVE-2024-40766 | Akira | [arcticwolf.com](https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/) |

### `Veeam`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Backup & Replication | CVE-2024-40711 | Akira | [@SophosXOps](https://infosec.exchange/@SophosXOps/113284564225476186) |
| Backup & Replication | CVE-2023-27532 | Akira | [sophos.com](https://news.sophos.com/en-us/2023/12/21/akira-again-the-ransomware-that-keeps-on-taking/) |

### `VMware`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ESXi | CVE-2024-37085 ("ESX Admins") | Akira | [microsoft.com](https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/) |
| vSphere Client | CVE-2021-21972 | Akira | [qualys.com](https://blog.qualys.com/vulnerabilities-threat-research/2024/10/02/threat-brief-understanding-akira-ransomware) |

---

#### Sources
| Date Published | Report |
|---|---|
| 10 Oct 2024 | https://infosec.exchange/@SophosXOps/113284564225476186 |
| 2 Oct 2024 | https://blog.qualys.com/vulnerabilities-threat-research/2024/10/02/threat-brief-understanding-akira-ransomware |
| 6 Sept 2024 | https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/ |
| 29 July 2024 | https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ 
| 18 April 2024 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a |
| 21 Dec 2023 | https://news.sophos.com/en-us/2023/12/21/akira-again-the-ransomware-that-keeps-on-taking/ |
| 6 Sept 2023 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs |
| 23 Aug 2023 | https://stairwell.com/resources/akira-pulling-on-the-chains-of-ransomware/ |