PT-2020-2238 · Cisco · Cisco ASA +1

Published 2020-05-05 · Updated 2024-11-26 · CVE-2020-3308

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description

The issue is related to the improper verification of digital signatures for patch images in the Image Signature Verification feature. This could allow a remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The attacker could exploit this by crafting an unsigned software patch to bypass signature checks and loading it on the device. A successful exploit could allow the attacker to boot a malicious software patch image.

Recommendations

For Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Image Signature Verification feature until a patch is available. Avoid loading unsigned software patches on affected devices until the issue is resolved.

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2020-02154
CVE-2020-3308

Affected Products

Cisco ASA
Firepower Threat Defense