PT-2020-4722 · Cisco · Cisco Ftd+1

Published: 2020-10-21 · Updated: 2022-05-26 · CVE-2020-3585

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls (affected versions not specified)
Description: A vulnerability in the TLS handler could allow an unauthenticated, remote attacker to gain access to sensitive information. The issue is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this by sending crafted TLS messages to the device, allowing them to carry out a chosen-ciphertext attack. A successful exploit could enable the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this, an attacker must capture TLS traffic in transit between clients and the affected device and establish a considerable number of TLS connections to the affected device.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2020-05274
CVE-2020-3585

Affected Products

Cisco Asa
Cisco Ftd