cisco-patches-high-severity-vulnerability-affecting-asa-and-firepower-solutions

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.

The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a “logic error” when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.

Successful exploitation of the flaw could allow an attacker to retrieve the RSA private key by means of a Lenstra side-channel attack against the targeted device.

“If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic,” Cisco warned in an advisory issued on August 10.

Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later. Affected products are listed below –

  • ASA 5506-X with FirePOWER Services
  • ASA 5506H-X with FirePOWER Services
  • ASA 5506W-X with FirePOWER Services
  • ASA 5508-X with FirePOWER Services
  • ASA 5516-X with FirePOWER Services
  • Firepower 1000 Series Next-Generation Firewall
  • Firepower 2100 Series Security Appliances
  • Firepower 4100 Series Security Appliances
  • Firepower 9300 Series Security Appliances, and
  • Secure Firewall 3100

ASA software versions 9.16.3.19, 9.17.1.13, and 9.18.2, and FTD software releases 7.0.4, 7.1.0.2-2, and 7.2.0.1 have been released to address the security vulnerability.

Cisco credited Nadia Heninger and George Sullivan of the University of California San Diego and Jackson Sippe and Eric Wustrow of the University of Colorado Boulder for reporting the bug.

Also patched by Cisco is a client-side request smuggling flaw in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software that could enable an unauthenticated, remote attacker to conduct browser-based attacks, such as cross-site scripting, against the victim.

The company said the weakness, CVE-2022-20713 (CVSS score: 4.3), impact Cisco devices running a release of Cisco ASA Software earlier than release 9.17(1) and have the Clientless SSL VPN feature turned on.

While there are no workarounds to remediate the flaw, affected users can disable the Clientless SSL VPN feature, although Cisco warns doing so “may negatively impact the functionality or performance” of the network.

The development comes as cybersecurity firm Rapid7 disclosed details of 10 bugs found in ASA, Adaptive Security Device Manager (ASDM), and FirePOWER Services Software for ASA, seven of which have since been addressed by Cisco.

These include CVE-2022-20829 (CVSS score: 9.1), CVE-2022-20651 (CVSS score: 5.5), CVE-2021-1585 (CVSS score: 7.5), CVE-2022-20828 (CVSS score: 6.5), and three other flaws that have not been assigned a CVE identifier.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Top 6 Cell Phone Tracker Apps for Parental Control

Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure…
Moses Staff Hackers Publish Footage of Jerusalem Explosion

Moses Staff Hackers Publish Footage of Jerusalem Explosion

In a dramatic series of events, an Iranian hacker group by the name of Moses Staff published footage of the…
Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner softwares…