PT-2020-5138 · Cisco · Cisco Ftd+1

Published 2020-10-21 · Updated 2023-08-16 · CVE-2020-3458

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions prior to the fixed version
Cisco Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances versions prior to the fixed version

Description

The vulnerability stems from insufficient protections of the secure boot process in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software. An authenticated, local attacker could exploit it by injecting code into specific files referenced during the device boot process, potentially breaking the chain of trust and getting that code executed as part of the boot process. This could allow the attacker to maintain persistence across reboots.

Recommendations

For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for the secure boot mechanism vulnerability.
For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for the secure boot mechanism vulnerability.
As a temporary workaround, consider restricting access to the device boot process to minimize the risk of exploitation.

Fix

DoS

Protection Mechanism Failure

Weakness Enumeration

Related Identifiers

BDU:2020-05734
CVE-2020-3458

Affected Products

Cisco Asa
Cisco Ftd