Cisco has addressed a prime severity vulnerability affecting its Adaptive Safety Equipment (ASA) and Firepower Danger Protection (FTD) device.
Tracked as CVE-2022-20866, this safety flaw is because of a weak point in dealing with RSA keys on ASA and FTD units.
If effectively exploited, it will possibly let unauthenticated attackers retrieve an RSA non-public key remotely, which they may be able to use to decrypt the instrument site visitors or impersonate Cisco ASA/FTD units.
“This vulnerability is because of a common sense error when the RSA key’s saved in reminiscence on a {hardware} platform that plays hardware-based cryptography,” Cisco stated in a safety advisory printed on Wednesday.
“An attacker may exploit this vulnerability through the usage of a Lenstra side-channel assault towards the centered instrument.”
RSA keys (saved in reminiscence or flash) on susceptible device releases might be malformed (non-working however prone to non-public key robbery) or inclined (legitimate however prone to robbery), without reference to the place they have been generated.
The vulnerability impacts Cisco merchandise operating susceptible Cisco ASA (9.16.1 and later) or Cisco FTD (7.0.0 and later) device which carry out hardware-based cryptographic purposes:
- ASA 5506-X with FirePOWER Services and products
- ASA 5506H-X with FirePOWER Services and products
- ASA 5506W-X with FirePOWER Services and products
- ASA 5508-X with FirePOWER Services and products
- ASA 5516-X with FirePOWER Services and products
- Firepower 1000 Collection Subsequent-Era Firewall
- Firepower 2100 Collection Safety Home equipment
- Firepower 4100 Collection Safety Home equipment
- Firepower 9300 Collection Safety Home equipment
- Protected Firewall 3100
Cisco says that if a key was once configured to be used at any time, it’s also conceivable that the RSA non-public key has been leaked to risk actors.
“As the results of this vulnerability, Cisco ASA or FTD instrument directors might wish to take away malformed or inclined RSA keys and in all probability revoke any certificate related to the ones RSA keys,” the corporate added.
“It is because it’s conceivable the RSA non-public key has been leaked to a malicious actor.”
Cisco has credited Nadia Heninger and George Sullivan of the College of California San Diego and Jackson Sippe and Eric Wustrow of the College of Colorado Boulder for reporting the safety flaw.
The networking large’s Product Safety Incident Reaction Crew (PSIRT) says it discovered no proof of exploitation in assaults, even supposing knowledge referring to this vulnerability has already been shared publicly.
Cisco’s safety advisory supplies additional info referring to susceptible configurations and signs of compromise for Cisco ASA or FTD Tool fastened releases.
One week in the past, Cisco additionally addressed essential safety insects affecting Small Trade VPN routers that may let unauthenticated attackers execute arbitrary code or instructions remotely and cause a denial of provider (DoS) on unpatched units.