CVE-2023-20107

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions prior to the fixed version Cisco Firepower Threat Defense (FTD) Software versions prior to the fixed version

Description The issue is related to the deterministic random bit generator (DRBG) in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. It is caused by insufficient entropy in the DRBG when generating cryptographic keys. An unauthenticated, remote attacker could exploit this issue by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for this issue. For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the affected devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.