First published: Wed Oct 21 2020(Updated: )
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-tls-bb-2g9uWkP
Credit: This vulnerability was found during the resolution a Cisco TAC support case
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco ASA Software | =9.14<9.14.1.30>=Earlier than 9.13<=9.13<9.13.1.13 | 9.14.1.30 9.13.1.13 |
Cisco FTD Software | >=Earlier than 6.4.0<=6.4.0<6.4.0.10 | 6.4.0.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco ASA and FTD vulnerability is cisco-sa-asaftd-tls-bb-2g9uWkP.
The title of this vulnerability is 'Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability'.
The severity rating for this vulnerability is medium with a value of 5.3.
Cisco ASA Software versions 9.14 up to 9.14.1.30 and versions earlier than 9.13 up to 9.13.1.13, as well as Cisco FTD Software versions earlier than 6.4.0 up to 6.4.0.10 are affected by this vulnerability.
An unauthenticated, remote attacker can exploit this vulnerability to gain access to sensitive information through the TLS handler of Cisco ASA Software and Cisco FTD Software on Cisco Firepower 1000 Series firewalls.