7.5
CWE
203
Advisory Published
Updated

CVE-2022-20866: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

First published: Wed Aug 10 2022(Updated: )

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Adaptive Security Appliance Software>=9.16.0<9.16.3.19
Cisco Adaptive Security Appliance Software>=9.17.0<9.17.1.13
Cisco Adaptive Security Appliance Software>=9.18.0<9.18.2
Cisco Firepower Threat Defense>=7.0.0<7.0.4
Cisco Firepower Threat Defense>=7.1.0<7.2.0.1
Cisco ASA 5506-X
Cisco Asa 5506h-x
Cisco Asa 5506w-x
Cisco Asa 5508-x
Cisco Asa 5516-x
Cisco Firepower 1000
Cisco Firepower 1010
Cisco Firepower 1020
Cisco Firepower 1030
Cisco Firepower 1040
Cisco Firepower 1120
Cisco Firepower 1140
Cisco Firepower 1150
Cisco Firepower 2100
Cisco Firepower 2110
Cisco Firepower 2120
Cisco Firepower 2130
Cisco Firepower 2140
Cisco Firepower 4100
Cisco Firepower 4110
Cisco Firepower 4112
Cisco Firepower 4115
Cisco Firepower 4120
Cisco Firepower 4125
Cisco Firepower 4140
Cisco Firepower 4145
Cisco Firepower 4150
Cisco Firepower 9300
Cisco Secure Firewall 3110
Cisco Secure Firewall 3120
Cisco Secure Firewall 3130
Cisco Secure Firewall 3140

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-20866?

    CVE-2022-20866 is a vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.

  • What is the severity of CVE-2022-20866?

    The severity of CVE-2022-20866 is high, with a CVSS score of 7.5.

  • Which software versions are affected by CVE-2022-20866?

    Devices running Cisco Adaptive Security Appliance (ASA) Software versions 9.16.0 to 9.16.3.19, 9.17.0 to 9.17.1.13, and 9.18.0 to 9.18.2, as well as Cisco Firepower Threat Defense (FTD) Software versions 7.0.0 to 7.0.4 and 7.1.0 to 7.2.0.1 are affected by CVE-2022-20866.

  • How can an attacker exploit CVE-2022-20866?

    An unauthenticated, remote attacker can exploit CVE-2022-20866 to retrieve an RSA private key due to a logic error when the RSA key is processed.

  • Is Cisco ASA 5506-X vulnerable to CVE-2022-20866?

    No, Cisco ASA 5506-X is not vulnerable to CVE-2022-20866.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203