Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.
The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and FTD Software, an unauthenticated, remote attacker can trigger it to retrieve an RSA private key. Once obtained the key, the attackers can impersonate a device that is running ASA/FTD Software or to decrypt the device traffic.
“This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key.” reads the advisory published by the IT giant.
The advisory states that the following conditions may be observed on an affected device:
The flaw impacts products running vulnerable Cisco ASA (9.16.1 and later) or Cisco FTD (7.0.0 and later) software that perform hardware-based cryptographic functions:
Cisco recommends administrators of ASA/FTD devices to remove malformed or susceptible RSA keys and possibly revoke any certificates associated with those RSA keys, because it is possible that the RSA private key has been leaked to a malicious actor.
The flaw was reported by Nadia Heninger and George Sullivan of the University of California San Diego and Jackson Sippe and Eric Wustrow of the University of Colorado Boulder.
Cisco has credited Nadia Heninger and George Sullivan of the University of California San Diego and Jackson Sippe and Eric Wustrow of the University of Colorado Boulder for reporting the security flaw.
The Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting this issue.
(SecurityAffairs – hacking, ASA)