A critical security vulnerability has been found in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow an unauthenticated remote threat actor to obtain the device's RSA private key. ASA software is the core operating system of Cisco's ASA security appliances, which protect data centers and corporate networks, while FTD software provides next-generation firewall (NGFW) services.
The vulnerability, tracked as CVE-2022-20866, stems from a logic error in how the RSA key is stored in memory on hardware platforms that perform hardware-based cryptography. A remote threat actor could exploit it by carrying out a Lenstra side-channel attack against the device and recovering the RSA private key. A compromised RSA private key can be used to impersonate a device running Cisco ASA Software or Cisco FTD Software, or to decrypt the device's traffic.
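The Lenstra attack the advisory refers to works because a signature computed with the RSA-CRT optimisation that is wrong in only one of its two halves reveals a factor of the modulus once it leaves the device. The standard defence, shown below as an added example with a constructed toy key (not Cisco's code or a description of the ASA/FTD fix), is to verify every signature with the public key before releasing it and to withhold any that fails:

```python
# Added example: verify-before-release countermeasure for RSA-CRT signing.
# Key values are constructed for illustration; real keys are 2048 bits or more.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (2753 for this toy key)


def crt_sign(m, p, q, d, fault_mod_p=False):
    """RSA-CRT signature of m. fault_mod_p simulates a glitch in the mod-p half,
    leaving the mod-q half intact, which is exactly the condition Lenstra's
    attack needs."""
    n = p * q
    sp = pow(m, d % (p - 1), p)          # m^d mod p
    sq = pow(m, d % (q - 1), q)          # m^d mod q
    if fault_mod_p:
        sp = (sp + 1) % p                # one corrupted CRT half
    h = (pow(q, -1, p) * (sp - sq)) % p  # Garner recombination
    return (sq + h * q) % n


def sign_checked(m, p, q, d, e, fault_mod_p=False):
    """Return the signature only if it verifies under the public key.
    A faulty signature is never emitted, so it cannot be analysed offline."""
    n = p * q
    s = crt_sign(m, p, q, d, fault_mod_p)
    if pow(s, e, n) != m % n:
        return None                      # refuse: the output would leak a factor
    return s


if __name__ == "__main__":
    print("good signature released:", sign_checked(65, P, Q, D, E) is not None)
    print("faulty signature released:", sign_checked(65, P, Q, D, E, True) is not None)
```

The check costs one public-key operation per signature, which is cheap next to the private-key operation it protects.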
Cisco stated that the vulnerability affects only Cisco ASA Software 9.16.1 and later and Cisco FTD Software 7.0.0 and later, and has released security updates that fix it. Accordingly, users running vulnerable Cisco ASA and FTD software versions are advised to apply the published updates immediately so that they are not targeted by attacks that exploit this vulnerability.