CVE-2022-20742

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description The issue is related to a flaw in the implementation of Galois/Counter Mode (GCM) ciphers in the IPsec VPN library, which could allow a remote attacker to gain unauthorized access to protected information through an IPsec IKEv2 VPN tunnel. An attacker in a man-in-the-middle position could exploit this by intercepting encrypted messages and using cryptanalytic techniques to break the encryption, potentially allowing them to decrypt, read, modify, and re-encrypt data transmitted across the affected VPN tunnel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.