PT-2022-4105 · Cisco · Cisco ASA +1

Eric Wustrow +3

Published 2022-08-10 · Updated 2022-08-19 · CVE-2022-20866

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions 9.16.1 and later; Cisco Firepower Threat Defense (FTD) Software versions 7.0.0 and later
Description: A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device: a single RSA-CRT signature whose computation was wrong modulo one of the two primes lets the attacker recover that prime, and with it the private key, from the public key and the faulty signature alone. Approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software are expected to be affected; the remaining keys do not have the properties that trigger the error. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.
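The attack named in the description, worked through on a constructed toy key. This is an added example, not Cisco's code or the researchers' exploit: it models the generic Lenstra RSA-CRT fault attack (one signature whose mod-q half is wrong), not the specific ASA logic error, whose details the advisory does not give. The key sizes, the seed, and the names make_key, sign_crt, lenstra_recover, private_from_factor and sign_checked are the example's own assumptions.

```python
"""Added worked example, not Cisco code: Lenstra's RSA-CRT fault attack on a
toy key, then the verify-before-release check that defeats it.
All key material is constructed here for illustration."""
import math
import random


def _is_prime(x):
    """Trial division; fine for the ~20-bit toy primes used here."""
    if x < 2:
        return False
    for f in range(2, int(x ** 0.5) + 1):
        if x % f == 0:
            return False
    return True


def _random_prime(rng, bits):
    while True:
        x = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit, odd
        if _is_prime(x):
            return x


def make_key(seed=2022, bits=20, e=65537):
    """Constructed toy RSA key with the CRT components a signer keeps in memory.
    Real ASA keys are 2048+ bits; the arithmetic below is identical."""
    rng = random.Random(seed)
    p = _random_prime(rng, bits)
    while True:
        q = _random_prime(rng, bits)
        if q != p and math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def sign_crt(key, m, fault_q=False):
    """RSA-CRT signing (Garner recombination). fault_q=True models a glitch
    or logic error that corrupts only the mod-q half of the computation."""
    sp = pow(m, key["dp"], key["p"])
    sq = pow(m, key["dq"], key["q"])
    if fault_q:
        sq = (sq + 1) % key["q"]  # any corruption of sq will do
    h = (key["qinv"] * (sp - sq)) % key["p"]
    return sq + h * key["q"]


def lenstra_recover(n, e, m, faulty_sig):
    """Attacker side: with only the public key, the message and ONE faulty
    signature, gcd(s'^e - m, n) yields the prime the faulty half did not touch."""
    g = math.gcd((pow(faulty_sig, e, n) - m) % n, n)
    return g if 1 < g < n else None


def private_from_factor(n, e, p):
    """Turn the leaked factor into the full private exponent, which is what
    lets an attacker impersonate the device or decrypt its traffic."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def sign_checked(key, m, fault_q=False):
    """Hardened signer: verify with the public key before releasing anything.
    A faulty signature is dropped (None) instead of being handed to the peer."""
    s = sign_crt(key, m, fault_q)
    if pow(s, key["e"], key["n"]) != m % key["n"]:
        return None
    return s


if __name__ == "__main__":
    key = make_key()
    m = 123456789 % key["n"]
    faulty = sign_crt(key, m, fault_q=True)
    p = lenstra_recover(key["n"], key["e"], m, faulty)
    print("leaked factor matches p:", p == key["p"])
    print("hardened signer releases faulty signature:", sign_checked(key, m, fault_q=True))
```

Two points worth taking from the run: the attacker needs nothing secret, only a message and one faulty signature observed on the wire (for an ASA that would be a TLS or IKE handshake signature), and the defence is cheap: checking the signature against the public key before emitting it costs one public-key operation and turns a key-recovery bug into a dropped handshake.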
Recommendations: For Cisco Adaptive Security Appliance (ASA) Software versions 9.16.1 and later and Cisco Firepower Threat Defense (FTD) Software versions 7.0.0 and later, administrators may need to remove improperly formed or vulnerable RSA keys, generate replacements, and revoke any certificates associated with the removed keys. As a temporary measure, consider not using RSA keys on affected devices until a fixed release is installed.

Tags: Exploit · Fix · Side Channel Attack


Related Identifiers

BDU:2022-04941
CVE-2022-20866

Affected Products

Cisco ASA
Cisco FTD