Security News > 2022 > August > Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
2022-08-12 08:48

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.

The issue, assigned the identifier CVE-2022-20866, has been described as a "Logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software.

"If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic," Cisco warned in an advisory issued on August 10.

Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later.

The company said the weakness, CVE-2022-20713, impact Cisco devices running a release of Cisco ASA Software earlier than release 9.17(1) and have the Clientless SSL VPN feature turned on.

The development comes as cybersecurity firm Rapid7 disclosed details of 10 bugs found in ASA, Adaptive Security Device Manager, and FirePOWER Services Software for ASA, seven of which have since been addressed by Cisco.


News URL

https://thehackernews.com/2022/08/cisco-patches-high-severity.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-20866 Information Exposure Through Discrepancy vulnerability in Cisco products
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.
network
low complexity
cisco CWE-203
7.5
2022-08-10 CVE-2022-20713 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.
network
low complexity
cisco CWE-79
6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4427 230 3112 1861 609 5812