cvelistv5 - cve-2022-20866

cve-2022-20866

Vulnerability from cvelistv5

Published

2022-08-10 00:00

Modified

2024-08-03 02:24

Severity

7.4 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

References

Source	URL	Tags
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz	Vendor Advisory

Impacted products

Vendor	Product
Cisco	Cisco Adaptive Security Appliance (ASA) Software

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:50.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T16:20:19",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
        "defect": [
          [
            "CSCwb88651",
            "CSCwc28334"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-08-10T23:00:00",
          "ID": "CVE-2022-20866",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory. "
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N ",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
          "defect": [
            [
              "CSCwb88651",
              "CSCwc28334"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20866",
    "datePublished": "2022-08-10T00:00:00",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-08-03T02:24:50.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-20866\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-08-10T17:15:08.487\",\"lastModified\":\"2023-11-07T03:43:09.967\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el manejo de las claves RSA en los dispositivos que ejecutan el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir a un atacante remoto no autenticado recuperar una clave privada RSA. Esta vulnerabilidad es debido a un error l\u00f3gico cuando la clave RSA es almacenada en la memoria de una plataforma de hardware que lleva a cabo criptograf\u00eda basada en hardware. Un atacante podr\u00eda explotar esta vulnerabilidad al usar un ataque de canal lateral Lenstra contra el dispositivo objetivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante recuperar la clave privada RSA. Las siguientes condiciones pueden observarse en un dispositivo afectado: Esta vulnerabilidad ser\u00e1 aplicada a aproximadamente el 5 por ciento de las claves RSA en un dispositivo que est\u00e9 ejecutando una versi\u00f3n vulnerable del software Cisco ASA o del software Cisco FTD; no es esperado que todas las claves RSA sean afectadas debido a c\u00e1lculos matem\u00e1ticos aplicados a la clave RSA. La clave RSA podr\u00eda ser v\u00e1lida pero tener caracter\u00edsticas espec\u00edficas que la hacen vulnerable a una posible filtraci\u00f3n de la clave privada RSA. Si un atacante obtiene la clave privada RSA, podr\u00eda usarla para hacerse pasar por un dispositivo que est\u00e9 ejecutando el software Cisco ASA o el software Cisco FTD o para descifrar el tr\u00e1fico del dispositivo. Consulte la secci\u00f3n Indicadores de compromiso para obtener m\u00e1s informaci\u00f3n sobre la detecci\u00f3n de este tipo de clave RSA. La clave RSA podr\u00eda estar malformada y no ser v\u00e1lida. Una clave RSA malformada no es funcional, y una conexi\u00f3n de cliente TLS a un dispositivo que ejecuta el software Cisco ASA o el software Cisco FTD que usa la clave RSA malformada resultar\u00e1 en un fallo de la firma TLS, lo que significa que una versi\u00f3n de software vulnerable cre\u00f3 una firma RSA no v\u00e1lida que fall\u00f3 en la verificaci\u00f3n. Si un atacante obtiene la clave privada RSA, podr\u00eda usarla para hacerse pasar por un dispositivo que est\u00e9 ejecutando el software Cisco ASA o el software Cisco FTD o para descifrar el tr\u00e1fico del dispositivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.16.0\",\"versionEndExcluding\":\"9.16.3.19\",\"matchCriteriaId\":\"107E5744-F632-406D-AAE9-C04BF910D042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.17.0\",\"versionEndExcluding\":\"9.17.1.13\",\"matchCriteriaId\":\"299D4D24-6DF2-47DE-8DDD-71F8796A037A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.18.0\",\"versionEndExcluding\":\"9.18.2\",\"matchCriteriaId\":\"AC4CE962-515C-42EF-A209-1B82330D2049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.4\",\"matchCriteriaId\":\"D8E887FA-6D5C-4AAB-BFBF-4239C1822BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.2.0.1\",\"matchCriteriaId\":\"526BB5E8-D3CB-468B-B55A-C1FB032EB45A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"763B801D-CA1E-4C56-8B06-3373EA307C7E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30AC6907-3091-409F-967D-64A82A0C5A8C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92AE506A-E710-465B-B795-470FDE0E0ECA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6F79864-CA70-4192-AC2C-E174DF3F25B2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFE3880-4B85-4E23-9836-70875D5109F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8B5AF8-6A57-482A-9442-E857EE7E207B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9929280-2AAC-4B56-A42C-1F6EDE83988E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1040:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F29B6BC3-D716-4A3D-9679-B7BE81F719C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"727A02E8-40A1-4DFE-A3A2-91D628D3044F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19F6546E-28F4-40DC-97D6-E0E023FE939B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D23A26EF-5B43-437C-A962-4FC69D8A0FF4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D96810-5F79-4A83-B8CA-D015790FCF72\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FE2945-4975-4003-AE48-7E134E167A7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976901BF-C52C-4F81-956A-711AF8A60140\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CBC7F5-7767-43B6-9384-BE143FCDBD7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957D64EB-D60E-4775-B9A8-B21CA48ED3B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A694AD51-9008-4AE6-8240-98B17AB527EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38AE6DC0-2B03-4D36-9856-42530312CC46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71DCEF22-ED20-4330-8502-EC2DD4C9838F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB2822B-B752-4CD9-A178-934957E306B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F4868A-6D62-479C-9C19-F9AABDBB6B24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65378F3A-777C-4AE2-87FB-1E7402F9EA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAFDDA-718B-4B69-A524-B0CEB80FE960\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_firewall_3110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87403E0F-659C-4C5B-863D-0274D2828A9A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_firewall_3120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D24C57-2311-48E9-879E-124472E98F6F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_firewall_3130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE02D38A-5354-47E6-A46F-06D53F14F5A8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_firewall_3140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F191A423-DB18-4F3A-9D31-C3DD8F185C88\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-96q7-c2w2-93p8

Vulnerability from github

Published

2022-08-11 00:00

Modified

2022-08-16 00:00

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-20866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-10T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.",
  "id": "GHSA-96q7-c2w2-93p8",
  "modified": "2022-08-16T00:00:24Z",
  "published": "2022-08-11T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20866"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cisco-sa-asaftd-rsa-key-leak-ms7uefzz

Vulnerability from csaf_cisco

Published

2022-08-10 16:00

Modified

2022-08-10 16:00

Summary

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

Notes

Summary

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise ["#ic"] section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"]

Vulnerable Products

This vulnerability affects the following Cisco products, which perform hardware-based cryptographic functions, if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software: ASA 5506-X with FirePOWER Services ASA 5506H-X with FirePOWER Services ASA 5506W-X with FirePOWER Services ASA 5508-X with FirePOWER Services ASA 5516-X with FirePOWER Services Firepower 1000 Series Next-Generation Firewall Firepower 2100 Series Security Appliances Firepower 4100 Series Security Appliances Firepower 9300 Series Security Appliances Secure Firewall 3100 Additional information: This vulnerability affects only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later; all earlier software releases are not affected. If a customer is running Cisco ASA Software Release 9.15 or earlier or Cisco FTD Software Release 6.7 or earlier, the device is not considered vulnerable as long as none of the RSA keys present on the device were generated by a vulnerable software release. This vulnerability applies to RSA keys only. Elliptic Curve Digital Signature Algorithm (ECDSA) keys and Edwards-curve Digital Signature Algorithm (EdDSA) keys are not vulnerable. This vulnerability applies to all RSA keys that are stored in memory or flash on a vulnerable software release, which means an RSA key could become malformed or susceptible to the RSA private key leak during the following actions: When generating a new RSA key on a vulnerable software release When a good RSA key is upgraded from an earlier, non-vulnerable software release to a vulnerable software release When importing the RSA key on a vulnerable software release Thus, any RSA key on a vulnerable software release, regardless of where it was originally generated, could be malformed (non-working but vulnerable to the RSA private key leak) or susceptible (valid but vulnerable to the RSA private key leak). If the RSA key was configured for use at any time, then it is possible the RSA private key has been leaked to malicious actors. Vulnerable Configurations If an RSA key is flagged by the Cisco off-box detection script or any of the conditions noted in the Indicators of Compromise ["#ic"] section of this advisory, Cisco recommends that the RSA key be replaced and any certificates that use this RSA key pair be revoked and replaced. The following Cisco ASA and FTD Software features are known to be used with a configured RSA key; however, any flagged RSA key should be replaced on the device. ASA Software In the following table, the left column lists the Cisco ASA Software features that are potentially vulnerable if a malformed or susceptible RSA key is associated with that feature's configuration. The right column indicates the basic configuration for the feature from the show running-config CLI command, if it can be determined. Cisco ASA Software Feature Possible Vulnerable Configuration Adaptive Security Device Manager (ASDM)1 http server enable <port> http <remote_ip_address> <remote_subnet_mask> <interface_name> AnyConnect SSL VPN webvpn enable <interface_name> Cisco Security Manager (CSM)1 http server enable <port> http <remote_ip_address> <remote_subnet_mask> <interface_name> Clientless SSL VPN (WebVPN)2 webvpn enable <interface_name> Internet Key Exchange Version 1 (IKEv1) VPN (remote access and LAN-to-LAN) using certificate-based authentication crypto ikev1 enable <interface_name> crypto ikev1 policy <priority> authentication rsa-sig tunnel-group <tunnel_group_name> ipsec-attributes trust-point <trustpoint_name> Internet Key Exchange Version 2 (IKEv2) VPN (remote access and LAN-to-LAN) using certificate-based authentication crypto ikev2 enable <interface_name> tunnel-group <tunnel_group_name> ipsec-attributes ikev2 remote-authentication certificate ikev2 local-authentication certificate <trustpoint_name> Proxy Bypass webvpn proxy-bypass TLS Proxy tls-proxy <name> REST API1 rest-api image disk0:/<image name> rest-api agent SSH Access3 ssh <remote_ip_address> <remote_subnet_mask> <interface_name> 1. ASDM, CSM, and REST API services are accessible only from an IP address in the configured http command range. 2. Clientless SSL VPN is no longer supported in Cisco ASA Software releases 9.17(1) and later. 3. SSH service is accessible only from an IP address in the configured ssh command range. FTD Software In the following table, the left column lists the Cisco FTD Software features that are potentially affected if a malformed or susceptible RSA key is associated with that feature's configuration. The right column indicates the basic configuration for the feature from the show running-config CLI command, if it can be determined. Cisco FTD Feature Possible Vulnerable Configuration AnyConnect SSL VPN1,2 webvpn enable <interface_name Clientless SSL VPN (WebVPN)2 webvpn enable <interface_name> IKEv1 VPN (remote access and LAN-to-LAN) using certificate-based authentication1,2 crypto ikev1 enable <interface_name> crypto ikev1 policy <priority> authentication rsa-sig tunnel-group <tunnel_group_name> ipsec-attributes trust-point <trustpoint_name> IKEv2 VPN (remote access and LAN-to-LAN) using certificate-based authentication1,2 crypto ikev2 enable <interface_name> tunnel-group <tunnel_group_name> ipsec-attributes ikev2 remote-authentication certificate ikev2 local-authentication certificate <trustpoint_name> 1. Remote access VPN features are enabled through Devices > VPN > Remote Access in Cisco Firepower Management Center (FMC) Software or through Device > Remote Access VPN in Cisco Firepower Device Manager (FDM). 2. The Clientless SSL VPN feature is not supported as of Cisco FTD Software Release 7.1.0. However, for earlier Cisco FTD Software releases, it can be enabled using FlexConfig. Determine Whether the RSA Key Is Malformed or Susceptible To determine whether the RSA key is malformed or susceptible, use the Cisco off-box detection script, which detects malformed or susceptible RSA keys for which the RSA private key could have been leaked. Customers can run this script on a local machine (not on a Cisco ASA or FTD device) without the sensitive key material ever leaving their environment. Cisco recommends using this script when a device is running a vulnerable release of Cisco ASA or FTD Software and cannot be upgraded to a fixed software release immediately. To use the script, do the following: Export the RSA key(s) that need testing from a potentially affected device. Run the script to identify whether any of the RSA keys are either malformed or susceptible to the RSA private key leak. For the script and associated documentation, see https://github.com/CiscoPSIRT/CVE-2022-20866 ["https://github.com/CiscoPSIRT/CVE-2022-20866"]. Note: If an RSA key is not currently configured but was previously configured on a vulnerable software release, then the RSA private key could have been leaked. Cisco recommends removing the RSA key and revoking any certificates that use this RSA key pair.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco FMC Software.

Details

Lenstra Side-Channel Attack In 1996, Arjen Lenstra described an attack against Chinese remainder theorem optimization (RSA-CRT). This attack is possible if a fault happens during the computation of a cryptographic signature when using RSA-CRT optimization. An attacker could potentially recover the private key from the signature. This attack is also known as an RSA-CRT key leak. The Lenstra attack is a well-known side-channel attack. It does not attack the RSA algorithm directly but could exploit flaws in the implementation. For additional information on the attack, see the Memo on RSA signature generation in the presence of faults ["https://infoscience.epfl.ch/record/164524"]. The vulnerability described in this advisory could result in an RSA key for which the Lenstra side-channel attack is successful, potentially allowing the attacker to derive the RSA private key.

Indicators of Compromise

These indicators of compromise are available on Cisco ASA or FTD Software fixed releases only. They are not available on previous software releases. When an affected device is upgraded to a fixed software release, some or all of these indicators may be present to alert an administrator that the device has an RSA key for which the RSA private key may have been leaked. How to Detect Malformed or Susceptible RSA Keys When Upgrading to a Fixed Software Release Critical Syslog Messages When an affected device is upgraded to a fixed software release, two new syslog messages will alert the administrator if malformed or potentially susceptible RSA keys are detected. These messages mean that the RSA key(s) flagged could have leaked the RSA private key. The new syslog messages are logged at the CRITICAL level and can be viewed by an administrator using the show logging CLI command. The ASA or FTD prefix is specific to the type of device the syslog is being displayed on. The new syslog messages will appear as follows: %ASA-1-717065: Keypair <name> is invalid due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866) and will be cleared in memory. Please remove this key. %FTD-1-717065: Keypair <name> is invalid due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866) and will be cleared in memory. Please remove this key. Syslog messages ASA-1-717065 and FTD-1-717065 indicate that a malformed RSA key was detected that was vulnerable to the RSA private key leak described in this security advisory. The malformed RSA key was disabled and cannot be used. This RSA key was not functional previously and must be replaced. Any certificates using this RSA key pair must also be revoked and replaced. %ASA-1-717066: Keypair <name> is valid but may have been vulnerable to exposure in previous versions due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866). Please remove this key. %FTD-1-717066: Keypair <name> is valid but may have been vulnerable to exposure in previous versions due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866). Please remove this key. Syslog messages ASA-1-717066 and FTD-1-717066 indicate that although the RSA key is not malformed, it was susceptible to the RSA private key leak described in this security advisory. It is highly recommended that this RSA key be replaced and any certificates using this RSA key pair be revoked and replaced. Error Counters When an affected device is upgraded to a fixed software release, several new error counters will indicate if a malformed or susceptible RSA key is detected. To view these counters, use the show counters | grep PKI CLI command. The new error counters appear as follows: asaftd# show counters | grep PKI ... PKI RSAKEY_INVAL_VULN 1 Summary PKI RSAKEY_INVAL_SCRUB 1 Summary PKI RSAKEY_INVAL_NOT_VULN 1 Summary PKI RSAKEY_VALID_SHORT 1 Summary PKI RSAKEY_ANALYSIS_ERROR 1 Summary PKI RSAKEY_SCRUB_ERROR 1 Summary The meaning of each new error counter is as follows: RSAKEY_INVAL_VULN: Invalid vulnerable key detected RSAKEY_INVAL_SCRUB: Invalid vulnerable key cleared in memory RSAKEY_INVAL_NOT_VULN: Invalid key, not vulnerable RSAKEY_VALID_SHORT: Valid key vulnerable in previous affected versions RSAKEY_ANALYSIS_ERROR: An error occurred during analysis RSAKEY_SCRUB_ERROR: An error occurred while scrubbing a key These counters are incremented when a corresponding syslog message is logged and require the affected RSA key to be replaced and any certificates using the RSA key pair to be revoked and replaced. Device Boot Warnings After an affected device is upgraded to a fixed software release, one or more of the following console log messages may be observed during the boot sequence if a malformed or susceptible RSA key is detected: CRITICAL: RSA key <name> is invalid due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866) and has been cleared in memory. Please remove this key. CRITICAL: RSA key <name> may have been vulnerable to exposure in previous versions due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866). Please remove this key. Each of these boot-time warnings will have a corresponding syslog message logged and requires the RSA key to be replaced and any certificates using the RSA key pair to be revoked and replaced. Debug Menu Commands After upgrading an affected Cisco ASA or FTD device to a fixed software release, use the new debug command debug menu pki 60 to parse all RSA keys on the device. The command output will display the state of each RSA key to show whether any of them may have been compromised. The Validity column gives the current status of each RSA key. The value INVALID in this column indicates that the RSA private key may have been leaked. An example of output from the debug command is as follows: asa# debug menu pki 60 Key Name : Validity : Cisco RSA Malformed Key Vulnerability : : (CVE-2022-20866) exposure status ------------------------ : --------- : ------------------------------------- <Default-RSA-Key> : Valid : No exposure characteristics test1 : Valid : ** Possible exposure in earlier software versions test3 : INVALID : No exposure characteristics test8 : INVALID : ** Key generated by affected version, cleared in memory tets2 : ERROR : ** Error during analysis test4 : INVALID : ** Has exposure characteristics test5 : unknown : Key pair not analyzed Undetectable Malformed RSA Key It is not possible to detect a malformed or susceptible RSA key that was used in the past and has since been removed. Some RSA keys may not have been functional due to being malformed, so during normal operations, they might have been removed and regenerated. If there is any concern that a malformed or susceptible RSA key was in use on a device in the past, ensure that any certificates using this RSA key pair have been revoked.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. The Cisco Support and Downloads page ["https://www.cisco.com/c/en/us/support/index.html"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following table(s), the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. ASA Software Cisco ASA Software Release First Fixed Release 9.15 and earlier1 Not vulnerable 9.16 9.16.3.19 9.17 9.17.1.13 9.18 9.18.2 1. If a Cisco ASA device was upgraded to a vulnerable release and then downgraded to a non-vulnerable release—for example, upgraded to Release 9.16.1 and then downgraded to Release 9.14.3.18—the RSA keys on the non-vulnerable release could be malformed or susceptible because they were saved on a vulnerable release. If a Cisco ASA device has been upgraded and downgraded in this manner, please ensure that the RSA keys are valid. FTD Software Cisco FTD Software Release First Fixed Release 6.7.0 and earlier1 Not vulnerable 7.0.0 7.0.4 7.1.0 Cisco_FTD_Hotfix_P-7.1.0.2-2.sh.REL.tar Cisco_FTD_SSP_FP1K_Hotfix_P-7.1.0.2-2.sh.REL.tar Cisco_FTD_SSP_FP2K_Hotfix_P-7.1.0.2-2.sh.REL.tar Cisco_FTD_SSP_Hotfix_P-7.1.0.2-2.sh.REL.tar Cisco_FTD_SSP_FP3K_Hotfix_Q-7.1.0.3-2.sh.REL.tar 7.2.0 7.2.0.1 1. If a Cisco FTD device was upgraded to a vulnerable release and then downgraded to a non-vulnerable release—for example, upgraded to Release 7.0.0 and then downgraded to Release 6.4.0.15—the RSA keys on the non-vulnerable release could be malformed or susceptible because they were saved on a vulnerable release. If a Cisco FTD device has been upgraded and downgraded in this manner, please ensure that the RSA keys are valid. For instructions on upgrading a Cisco FTD device, see the Cisco Firepower Management Center Upgrade Guide ["https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/getting_started.html"]. Note: See the Indicators of Compromise ["#ic"] section for more information on the detection of RSA keys that may have been compromised when upgrading to a fixed software release. The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Recommendations

As the result of this vulnerability, Cisco ASA or FTD device administrators may need to remove malformed or susceptible RSA keys and possibly revoke any certificates associated with those RSA keys. This is because it is possible the RSA private key has been leaked to a malicious actor. For additional assistance, see the following technical documentation: Cisco ASA Software Cisco ASA Series General Operations CLI Configuration Guide - Digital Certificates ["https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/basic-certs.html"] Configure ASA: SSL Digital Certificate Installation and Renewal ["https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html"] Cisco FTD Software Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager - Certificates ["https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-certificates.html"] Certificate Installation and Renewal on FTD managed by FDM ["https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215850-certificate-installation-and-renewal-on.html"] Install and Renew Certificates on FTD Managed by FMC ["https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html"] Customers are advised to contact the Cisco TAC or their contracted maintenance providers if further assistance is needed.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory. The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Nadia Heninger and George Sullivan of the University of California San Diego and Jackson Sippe and Eric Wustrow of the University of Colorado Boulder for reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Nadia Heninger and George Sullivan of the University of California San Diego and Jackson Sippe and Eric Wustrow of the University of Colorado Boulder for reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.\r\n\r\nThis vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key.\r\n\r\nThe following conditions may be observed on an affected device:\r\n\r\nThis vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key.\r\nThe RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise [\"#ic\"] section for more information on the detection of this type of RSA key.\r\nThe RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz\"]",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects the following Cisco products, which perform hardware-based cryptographic functions, if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software:\r\n\r\nASA 5506-X with FirePOWER Services\r\nASA 5506H-X with FirePOWER Services\r\nASA 5506W-X with FirePOWER Services\r\nASA 5508-X with FirePOWER Services\r\nASA 5516-X with FirePOWER Services\r\nFirepower 1000 Series Next-Generation Firewall\r\nFirepower 2100 Series Security Appliances\r\nFirepower 4100 Series Security Appliances\r\nFirepower 9300 Series Security Appliances\r\nSecure Firewall 3100\r\n\r\nAdditional information:\r\n\r\nThis vulnerability affects only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later; all earlier software releases are not affected. If a customer is running Cisco ASA Software Release 9.15 or earlier or Cisco FTD Software Release 6.7 or earlier, the device is not considered vulnerable as long as none of the RSA keys present on the device were generated by a vulnerable software release.\r\nThis vulnerability applies to RSA keys only. Elliptic Curve Digital Signature Algorithm (ECDSA) keys and Edwards-curve Digital Signature Algorithm (EdDSA) keys are not vulnerable.\r\nThis vulnerability applies to all RSA keys that are stored in memory or flash on a vulnerable software release, which means an RSA key could become malformed or susceptible to the RSA private key leak during the following actions:\r\n\r\nWhen generating a new RSA key on a vulnerable software release\r\nWhen a good RSA key is upgraded from an earlier, non-vulnerable software release to a vulnerable software release\r\nWhen importing the RSA key on a vulnerable software release\r\n\r\n\r\nThus, any RSA key on a vulnerable software release, regardless of where it was originally generated, could be malformed (non-working but vulnerable to the RSA private key leak) or susceptible (valid but vulnerable to the RSA private key leak). If the RSA key was configured for use at any time, then it is possible the RSA private key has been leaked to malicious actors.\r\n  Vulnerable Configurations\r\nIf an RSA key is flagged by the Cisco off-box detection script or any of the conditions noted in the Indicators of Compromise [\"#ic\"] section of this advisory, Cisco recommends that the RSA key be replaced and any certificates that use this RSA key pair be revoked and replaced. The following Cisco ASA and FTD Software features are known to be used with a configured RSA key; however, any flagged RSA key should be replaced on the device.\r\n\r\nASA Software\r\n\r\nIn the following table, the left column lists the Cisco ASA Software features that are potentially vulnerable if a malformed or susceptible RSA key is associated with that feature\u0027s configuration. The right column indicates the basic configuration for the feature from the show running-config CLI command, if it can be determined.\r\n        Cisco ASA Software Feature  Possible Vulnerable Configuration          Adaptive Security Device Manager (ASDM)1\r\nhttp server enable \u003cport\u003e\r\nhttp \u003cremote_ip_address\u003e \u003cremote_subnet_mask\u003e \u003cinterface_name\u003e\r\n      AnyConnect SSL VPN\r\nwebvpn\r\n enable \u003cinterface_name\u003e\r\n      Cisco Security Manager (CSM)1\r\nhttp server enable \u003cport\u003e\r\nhttp \u003cremote_ip_address\u003e \u003cremote_subnet_mask\u003e \u003cinterface_name\u003e\r\n      Clientless SSL VPN (WebVPN)2\r\nwebvpn\r\n enable \u003cinterface_name\u003e\r\n      Internet Key Exchange Version 1 (IKEv1) VPN (remote access and LAN-to-LAN) using certificate-based authentication\r\ncrypto ikev1 enable \u003cinterface_name\u003e\r\ncrypto ikev1 policy \u003cpriority\u003e\r\n authentication rsa-sig\r\ntunnel-group \u003ctunnel_group_name\u003e ipsec-attributes\r\n trust-point \u003ctrustpoint_name\u003e\r\n      Internet Key Exchange Version 2 (IKEv2) VPN (remote access and LAN-to-LAN) using certificate-based authentication\r\ncrypto ikev2 enable \u003cinterface_name\u003e\r\ntunnel-group \u003ctunnel_group_name\u003e ipsec-attributes\r\n ikev2 remote-authentication certificate\r\n ikev2 local-authentication certificate \u003ctrustpoint_name\u003e\r\n      Proxy Bypass\r\nwebvpn\r\n proxy-bypass\r\n      TLS Proxy\r\ntls-proxy \u003cname\u003e\r\n      REST API1\r\nrest-api image disk0:/\u003cimage name\u003e\r\nrest-api agent\r\n      SSH Access3\r\nssh \u003cremote_ip_address\u003e \u003cremote_subnet_mask\u003e \u003cinterface_name\u003e\r\n\r\n1. ASDM, CSM, and REST API services are accessible only from an IP address in the configured http command range.\r\n2. Clientless SSL VPN is no longer supported in Cisco ASA Software releases 9.17(1) and later.\r\n3. SSH service is accessible only from an IP address in the configured ssh command range.\r\nFTD Software\r\n\r\nIn the following table, the left column lists the Cisco FTD Software features that are potentially affected if a malformed or susceptible RSA key is associated with that feature\u0027s configuration. The right column indicates the basic configuration for the feature from the show running-config CLI command, if it can be determined.\r\n        Cisco FTD Feature  Possible Vulnerable Configuration          AnyConnect SSL VPN1,2\r\nwebvpn\r\n enable \u003cinterface_name\r\n      Clientless SSL VPN (WebVPN)2\r\nwebvpn\r\n enable \u003cinterface_name\u003e\r\n      IKEv1 VPN (remote access and LAN-to-LAN) using certificate-based authentication1,2\r\ncrypto ikev1 enable \u003cinterface_name\u003e\r\ncrypto ikev1 policy \u003cpriority\u003e\r\n authentication rsa-sig\r\ntunnel-group \u003ctunnel_group_name\u003e ipsec-attributes\r\ntrust-point \u003ctrustpoint_name\u003e\r\n      IKEv2 VPN (remote access and LAN-to-LAN) using certificate-based authentication1,2\r\ncrypto ikev2 enable \u003cinterface_name\u003e\r\ntunnel-group \u003ctunnel_group_name\u003e ipsec-attributes\r\n ikev2 remote-authentication certificate\r\n ikev2 local-authentication certificate \u003ctrustpoint_name\u003e\r\n\r\n1. Remote access VPN features are enabled through Devices \u003e VPN \u003e Remote Access in Cisco Firepower Management Center (FMC) Software or through Device \u003e Remote Access VPN in Cisco Firepower Device Manager (FDM).\r\n2. The Clientless SSL VPN feature is not supported as of Cisco FTD Software Release 7.1.0. However, for earlier Cisco FTD Software releases, it can be enabled using FlexConfig.  Determine Whether the RSA Key Is Malformed or Susceptible\r\nTo determine whether the RSA key is malformed or susceptible, use the Cisco off-box detection script, which detects malformed or susceptible RSA keys for which the RSA private key could have been leaked. Customers can run this script on a local machine (not on a Cisco ASA or FTD device) without the sensitive key material ever leaving their environment.\r\n\r\nCisco recommends using this script when a device is running a vulnerable release of Cisco ASA or FTD Software and cannot be upgraded to a fixed software release immediately.\r\n\r\nTo use the script, do the following:\r\n\r\nExport the RSA key(s) that need testing from a potentially affected device.\r\nRun the script to identify whether any of the RSA keys are either malformed or susceptible to the RSA private key leak.\r\n\r\nFor the script and associated documentation, see https://github.com/CiscoPSIRT/CVE-2022-20866 [\"https://github.com/CiscoPSIRT/CVE-2022-20866\"].\r\n\r\nNote: If an RSA key is not currently configured but was previously configured on a vulnerable software release, then the RSA private key could have been leaked. Cisco recommends removing the RSA key and revoking any certificates that use this RSA key pair.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect Cisco FMC Software.",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "Lenstra Side-Channel Attack\r\n\r\nIn 1996, Arjen Lenstra described an attack against Chinese remainder theorem optimization (RSA-CRT). This attack is possible if a fault happens during the computation of a cryptographic signature when using RSA-CRT optimization. An attacker could potentially recover the private key from the signature. This attack is also known as an RSA-CRT key leak. The Lenstra attack is a well-known side-channel attack. It does not attack the RSA algorithm directly but could exploit flaws in the implementation.\r\n\r\nFor additional information on the attack, see the Memo on RSA signature generation in the presence of faults [\"https://infoscience.epfl.ch/record/164524\"].\r\n\r\nThe vulnerability described in this advisory could result in an RSA key for which the Lenstra side-channel attack is successful, potentially allowing the attacker to derive the RSA private key.",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "These indicators of compromise are available on Cisco ASA or FTD Software fixed releases only. They are not available on previous software releases.\r\n\r\nWhen an affected device is upgraded to a fixed software release, some or all of these indicators may be present to alert an administrator that the device has an RSA key for which the RSA private key may have been leaked.\r\n  How to Detect Malformed or Susceptible RSA Keys When Upgrading to a Fixed Software Release\r\nCritical Syslog Messages\r\n\r\nWhen an affected device is upgraded to a fixed software release, two new syslog messages will alert the administrator if malformed or potentially susceptible RSA keys are detected. These messages mean that the RSA key(s) flagged could have leaked the RSA private key. The new syslog messages are logged at the CRITICAL level and can be viewed by an administrator using the show logging CLI command. The ASA or FTD prefix is specific to the type of device the syslog is being displayed on. The new syslog messages will appear as follows:\r\n\r\n%ASA-1-717065: Keypair \u003cname\u003e is invalid due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866) and will be cleared in memory. Please remove this key.\r\n\r\n%FTD-1-717065: Keypair \u003cname\u003e is invalid due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866) and will be cleared in memory. Please remove this key.\r\n\r\nSyslog messages ASA-1-717065 and FTD-1-717065 indicate that a malformed RSA key was detected that was vulnerable to the RSA private key leak described in this security advisory. The malformed RSA key was disabled and cannot be used. This RSA key was not functional previously and must be replaced. Any certificates using this RSA key pair must also be revoked and replaced.\r\n\r\n%ASA-1-717066: Keypair \u003cname\u003e is valid but may have been vulnerable to exposure in previous versions due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866). Please remove this key.\r\n\r\n%FTD-1-717066: Keypair \u003cname\u003e is valid but may have been vulnerable to exposure in previous versions due to the Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866). Please remove this key.\r\n\r\nSyslog messages ASA-1-717066 and FTD-1-717066 indicate that although the RSA key is not malformed, it was susceptible to the RSA private key leak described in this security advisory. It is highly recommended that this RSA key be replaced and any certificates using this RSA key pair be revoked and replaced.\r\n\r\nError Counters\r\n\r\nWhen an affected device is upgraded to a fixed software release, several new error counters will indicate if a malformed or susceptible RSA key is detected. To view these counters, use the show counters | grep PKI CLI command. The new error counters appear as follows:\r\n\r\n\r\nasaftd# show counters | grep PKI\r\n...\r\nPKI          RSAKEY_INVAL_VULN                        1   Summary\r\nPKI          RSAKEY_INVAL_SCRUB                       1   Summary\r\nPKI          RSAKEY_INVAL_NOT_VULN                    1   Summary\r\nPKI          RSAKEY_VALID_SHORT                       1   Summary\r\nPKI          RSAKEY_ANALYSIS_ERROR                    1   Summary\r\nPKI          RSAKEY_SCRUB_ERROR                       1   Summary\r\n\r\nThe meaning of each new error counter is as follows:\r\n\r\nRSAKEY_INVAL_VULN: Invalid vulnerable key detected\r\nRSAKEY_INVAL_SCRUB: Invalid vulnerable key cleared in memory\r\nRSAKEY_INVAL_NOT_VULN: Invalid key, not vulnerable\r\nRSAKEY_VALID_SHORT: Valid key vulnerable in previous affected versions\r\nRSAKEY_ANALYSIS_ERROR: An error occurred during analysis\r\nRSAKEY_SCRUB_ERROR: An error occurred while scrubbing a key\r\n\r\nThese counters are incremented when a corresponding syslog message is logged and require the affected RSA key to be replaced and any certificates using the RSA key pair to be revoked and replaced.\r\n\r\nDevice Boot Warnings\r\n\r\nAfter an affected device is upgraded to a fixed software release, one or more of the following console log messages may be observed during the boot sequence if a malformed or susceptible RSA key is detected:\r\n        CRITICAL:   RSA key \u003cname\u003e is invalid due to the         Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866)         and has been cleared in memory. Please remove this key.                CRITICAL:  RSA key \u003cname\u003e may have been vulnerable to         exposure in previous versions due to the         Cisco RSA Private Key Leak Vulnerability (CVE-2022-20866).         Please remove this key.\r\nEach of these boot-time warnings will have a corresponding syslog message logged and requires the RSA key to be replaced and any certificates using the RSA key pair to be revoked and replaced.\r\n\r\nDebug Menu Commands\r\n\r\nAfter upgrading an affected Cisco ASA or FTD device to a fixed software release, use the new debug command debug menu pki 60 to parse all RSA keys on the device. The command output will display the state of each RSA key to show whether any of them may have been compromised. The Validity column gives the current status of each RSA key. The value INVALID in this column indicates that the RSA private key may have been leaked. An example of output from the debug command is as follows:\r\n\r\n\r\nasa# debug menu pki 60\r\nKey Name                 : Validity  : Cisco RSA Malformed Key Vulnerability\r\n                         :           : (CVE-2022-20866) exposure status\r\n------------------------ : --------- : -------------------------------------\r\n\u003cDefault-RSA-Key\u003e        : Valid     : No exposure characteristics\r\ntest1                    : Valid     : ** Possible exposure in earlier software versions\r\ntest3                    : INVALID   : No exposure characteristics\r\ntest8                    : INVALID   : ** Key generated by affected version, cleared in memory\r\ntets2                    : ERROR     : ** Error during analysis\r\ntest4                    : INVALID   : ** Has exposure characteristics\r\ntest5                    : unknown   : Key pair not analyzed\r\n\r\nUndetectable Malformed RSA Key\r\n\r\nIt is not possible to detect a malformed or susceptible RSA key that was used in the past and has since been removed. Some RSA keys may not have been functional due to being malformed, so during normal operations, they might have been removed and regenerated. If there is any concern that a malformed or susceptible RSA key was in use on a device in the past, ensure that any certificates using this RSA key pair have been revoked.",
        "title": "Indicators of Compromise"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu\"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.\r\n\r\nCustomers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nThe Cisco Support and Downloads page [\"https://www.cisco.com/c/en/us/support/index.html\"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nIn the following table(s), the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability.\r\n\r\nASA Software\r\n        Cisco ASA Software Release  First Fixed Release          9.15 and earlier1  Not vulnerable      9.16  9.16.3.19      9.17  9.17.1.13      9.18  9.18.2\r\n1. If a Cisco ASA device was upgraded to a vulnerable release and then downgraded to a non-vulnerable release\u2014for example, upgraded to Release 9.16.1 and then downgraded to Release 9.14.3.18\u2014the RSA keys on the non-vulnerable release could be malformed or susceptible because they were saved on a vulnerable release. If a Cisco ASA device has been upgraded and downgraded in this manner, please ensure that the RSA keys are valid.\r\nFTD Software\r\n        Cisco FTD Software Release  First Fixed Release          6.7.0 and earlier1  Not vulnerable      7.0.0  7.0.4      7.1.0  Cisco_FTD_Hotfix_P-7.1.0.2-2.sh.REL.tar\r\nCisco_FTD_SSP_FP1K_Hotfix_P-7.1.0.2-2.sh.REL.tar\r\nCisco_FTD_SSP_FP2K_Hotfix_P-7.1.0.2-2.sh.REL.tar\r\nCisco_FTD_SSP_Hotfix_P-7.1.0.2-2.sh.REL.tar\r\nCisco_FTD_SSP_FP3K_Hotfix_Q-7.1.0.3-2.sh.REL.tar      7.2.0  7.2.0.1\r\n1. If a Cisco FTD device was upgraded to a vulnerable release and then downgraded to a non-vulnerable release\u2014for example, upgraded to Release 7.0.0 and then downgraded to Release 6.4.0.15\u2014the RSA keys on the non-vulnerable release could be malformed or susceptible because they were saved on a vulnerable release. If a Cisco FTD device has been upgraded and downgraded in this manner, please ensure that the RSA keys are valid.\r\nFor instructions on upgrading a Cisco FTD device, see the Cisco Firepower Management Center Upgrade Guide [\"https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/getting_started.html\"].\r\n\r\nNote: See the Indicators of Compromise [\"#ic\"] section for more information on the detection of RSA keys that may have been compromised when upgrading to a fixed software release.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "As the result of this vulnerability, Cisco ASA or FTD device administrators may need to remove malformed or susceptible RSA keys and possibly revoke any certificates associated with those RSA keys. This is because it is possible the RSA private key has been leaked to a malicious actor. For additional assistance, see the following technical documentation:\r\n\r\nCisco ASA Software\r\n\r\nCisco ASA Series General Operations CLI Configuration Guide - Digital Certificates [\"https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/basic-certs.html\"]\r\nConfigure ASA: SSL Digital Certificate Installation and Renewal [\"https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html\"]\r\n\r\nCisco FTD Software\r\n\r\nCisco Firepower Threat Defense Configuration Guide for Firepower Device Manager - Certificates [\"https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-certificates.html\"]\r\nCertificate Installation and Renewal on FTD managed by FDM [\"https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215850-certificate-installation-and-renewal-on.html\"]\r\nInstall and Renew Certificates on FTD Managed by FMC [\"https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html\"]\r\n\r\nCustomers are advised to contact the Cisco TAC or their contracted maintenance providers if further assistance is needed.",
        "title": "Recommendations"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Nadia Heninger and George Sullivan of the University of California San Diego and Jackson Sippe and Eric Wustrow of the University of Colorado Boulder for reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
      },
      {
        "category": "external",
        "summary": "https://github.com/CiscoPSIRT/CVE-2022-20866",
        "url": "https://github.com/CiscoPSIRT/CVE-2022-20866"
      },
      {
        "category": "external",
        "summary": "Memo on RSA signature generation in the presence of faults",
        "url": "https://infoscience.epfl.ch/record/164524"
      },
      {
        "category": "external",
        "summary": "free software updates",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Support and Downloads page",
        "url": "https://www.cisco.com/c/en/us/support/index.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Firepower Management Center Upgrade Guide",
        "url": "https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/getting_started.html"
      },
      {
        "category": "external",
        "summary": "Cisco ASA Series General Operations CLI Configuration Guide - Digital Certificates",
        "url": "https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/basic-certs.html"
      },
      {
        "category": "external",
        "summary": "Configure ASA: SSL Digital Certificate Installation and Renewal",
        "url": "https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html"
      },
      {
        "category": "external",
        "summary": "Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager - Certificates",
        "url": "https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-certificates.html"
      },
      {
        "category": "external",
        "summary": "Certificate Installation and Renewal on FTD managed by FDM",
        "url": "https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215850-certificate-installation-and-renewal-on.html"
      },
      {
        "category": "external",
        "summary": "Install and Renew Certificates on FTD Managed by FMC",
        "url": "https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
    "tracking": {
      "current_release_date": "2022-08-10T16:00:00+00:00",
      "generator": {
        "date": "2022-10-22T03:15:39+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
      "initial_release_date": "2022-08-10T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2022-08-10T15:49:27+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "9.16.1",
                    "product": {
                      "name": "9.16.1",
                      "product_id": "CSAFPID-283788"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.1.28",
                    "product": {
                      "name": "9.16.1.28",
                      "product_id": "CSAFPID-284175"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.2",
                    "product": {
                      "name": "9.16.2",
                      "product_id": "CSAFPID-284342"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.2.3",
                    "product": {
                      "name": "9.16.2.3",
                      "product_id": "CSAFPID-284600"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.2.7",
                    "product": {
                      "name": "9.16.2.7",
                      "product_id": "CSAFPID-286190"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.2.11",
                    "product": {
                      "name": "9.16.2.11",
                      "product_id": "CSAFPID-286192"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.2.13",
                    "product": {
                      "name": "9.16.2.13",
                      "product_id": "CSAFPID-286396"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.2.14",
                    "product": {
                      "name": "9.16.2.14",
                      "product_id": "CSAFPID-286584"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.3",
                    "product": {
                      "name": "9.16.3",
                      "product_id": "CSAFPID-286867"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.3.3",
                    "product": {
                      "name": "9.16.3.3",
                      "product_id": "CSAFPID-286868"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.3.14",
                    "product": {
                      "name": "9.16.3.14",
                      "product_id": "CSAFPID-286906"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.16.3.15",
                    "product": {
                      "name": "9.16.3.15",
                      "product_id": "CSAFPID-287201"
                    }
                  }
                ],
                "category": "product_version",
                "name": "9.16"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "9.17.1",
                    "product": {
                      "name": "9.17.1",
                      "product_id": "CSAFPID-285970"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.17.1.7",
                    "product": {
                      "name": "9.17.1.7",
                      "product_id": "CSAFPID-286583"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.17.1.9",
                    "product": {
                      "name": "9.17.1.9",
                      "product_id": "CSAFPID-286880"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.17.1.10",
                    "product": {
                      "name": "9.17.1.10",
                      "product_id": "CSAFPID-287042"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.17.1.11",
                    "product": {
                      "name": "9.17.1.11",
                      "product_id": "CSAFPID-288207"
                    }
                  }
                ],
                "category": "product_version",
                "name": "9.17"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "9.18.1",
                    "product": {
                      "name": "9.18.1",
                      "product_id": "CSAFPID-287079"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "9.18.1.3",
                    "product": {
                      "name": "9.18.1.3",
                      "product_id": "CSAFPID-287200"
                    }
                  }
                ],
                "category": "product_version",
                "name": "9.18"
              }
            ],
            "category": "product_family",
            "name": "Cisco Adaptive Security Appliance (ASA) Software"
          },
          {
            "category": "product_family",
            "name": "Cisco Adaptive Security Appliance (ASA) Software",
            "product": {
              "name": "Cisco Adaptive Security Appliance (ASA) Software ",
              "product_id": "CSAFPID-6588"
            }
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0.0",
                    "product": {
                      "name": "7.0.0",
                      "product_id": "CSAFPID-282695"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0.0.1",
                    "product": {
                      "name": "7.0.0.1",
                      "product_id": "CSAFPID-284277"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0.1",
                    "product": {
                      "name": "7.0.1",
                      "product_id": "CSAFPID-284789"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0.1.1",
                    "product": {
                      "name": "7.0.1.1",
                      "product_id": "CSAFPID-286538"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0.2",
                    "product": {
                      "name": "7.0.2",
                      "product_id": "CSAFPID-286930"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0.2.1",
                    "product": {
                      "name": "7.0.2.1",
                      "product_id": "CSAFPID-287122"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0.3",
                    "product": {
                      "name": "7.0.3",
                      "product_id": "CSAFPID-287181"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1.0",
                    "product": {
                      "name": "7.1.0",
                      "product_id": "CSAFPID-286091"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.1.0.1",
                    "product": {
                      "name": "7.1.0.1",
                      "product_id": "CSAFPID-286543"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.1.0.2",
                    "product": {
                      "name": "7.1.0.2",
                      "product_id": "CSAFPID-290467"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.2.0",
                    "product": {
                      "name": "7.2.0",
                      "product_id": "CSAFPID-287081"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.2"
              }
            ],
            "category": "product_family",
            "name": "Cisco Firepower Threat Defense Software"
          },
          {
            "category": "product_family",
            "name": "Cisco Firepower Threat Defense Software",
            "product": {
              "name": "Cisco Firepower Threat Defense Software ",
              "product_id": "CSAFPID-220203"
            }
          },
          {
            "category": "product_name",
            "name": "Cisco ASA 5500-X Series Firewalls",
            "product": {
              "name": "Cisco ASA 5500-X Series Firewalls",
              "product_id": "CSAFPID-277437"
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Firepower 9000 Series",
            "product": {
              "name": "Cisco Firepower 9000 Series",
              "product_id": "CSAFPID-277440"
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Firepower 2100 Series",
            "product": {
              "name": "Cisco Firepower 2100 Series",
              "product_id": "CSAFPID-277392"
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Firepower 1000 Series",
            "product": {
              "name": "Cisco Firepower 1000 Series",
              "product_id": "CSAFPID-277393"
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Firepower 4100 Series",
            "product": {
              "name": "Cisco Firepower 4100 Series",
              "product_id": "CSAFPID-277441"
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Secure Firewall 3100 Series",
            "product": {
              "name": "Cisco Secure Firewall 3100 Series",
              "product_id": "CSAFPID-286865"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.1 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-283788:277437"
        },
        "product_reference": "CSAFPID-283788",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-283788:277440"
        },
        "product_reference": "CSAFPID-283788",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.1.28 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-284175:277437"
        },
        "product_reference": "CSAFPID-284175",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.1.28 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-284175:277440"
        },
        "product_reference": "CSAFPID-284175",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-284342:277437"
        },
        "product_reference": "CSAFPID-284342",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-284342:277440"
        },
        "product_reference": "CSAFPID-284342",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.3 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-284600:277437"
        },
        "product_reference": "CSAFPID-284600",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.3 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-284600:277440"
        },
        "product_reference": "CSAFPID-284600",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.7 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286190:277437"
        },
        "product_reference": "CSAFPID-286190",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.7 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286190:277440"
        },
        "product_reference": "CSAFPID-286190",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.11 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286192:277437"
        },
        "product_reference": "CSAFPID-286192",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.11 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286192:277440"
        },
        "product_reference": "CSAFPID-286192",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.13 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286396:277437"
        },
        "product_reference": "CSAFPID-286396",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.13 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286396:277440"
        },
        "product_reference": "CSAFPID-286396",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.14 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286584:277437"
        },
        "product_reference": "CSAFPID-286584",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.2.14 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286584:277440"
        },
        "product_reference": "CSAFPID-286584",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286867:277437"
        },
        "product_reference": "CSAFPID-286867",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286867:277440"
        },
        "product_reference": "CSAFPID-286867",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3.3 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286868:277437"
        },
        "product_reference": "CSAFPID-286868",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3.3 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286868:277440"
        },
        "product_reference": "CSAFPID-286868",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3.14 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286906:277437"
        },
        "product_reference": "CSAFPID-286906",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3.14 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286906:277440"
        },
        "product_reference": "CSAFPID-286906",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3.15 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-287201:277437"
        },
        "product_reference": "CSAFPID-287201",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.16.3.15 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287201:277440"
        },
        "product_reference": "CSAFPID-287201",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.17.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-285970:277440"
        },
        "product_reference": "CSAFPID-285970",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.17.1.7 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286583:277440"
        },
        "product_reference": "CSAFPID-286583",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.17.1.9 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286880:277440"
        },
        "product_reference": "CSAFPID-286880",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.17.1.10 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287042:277440"
        },
        "product_reference": "CSAFPID-287042",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.17.1.11 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-288207:277440"
        },
        "product_reference": "CSAFPID-288207",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.18.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287079:277440"
        },
        "product_reference": "CSAFPID-287079",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Adaptive Security Appliance (ASA) Software 9.18.1.3 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287200:277440"
        },
        "product_reference": "CSAFPID-287200",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-282695:277392"
        },
        "product_reference": "CSAFPID-282695",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-282695:277393"
        },
        "product_reference": "CSAFPID-282695",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-282695:277437"
        },
        "product_reference": "CSAFPID-282695",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-282695:277440"
        },
        "product_reference": "CSAFPID-282695",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-282695:277441"
        },
        "product_reference": "CSAFPID-282695",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0.1 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-284277:277392"
        },
        "product_reference": "CSAFPID-284277",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0.1 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-284277:277393"
        },
        "product_reference": "CSAFPID-284277",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0.1 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-284277:277437"
        },
        "product_reference": "CSAFPID-284277",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-284277:277440"
        },
        "product_reference": "CSAFPID-284277",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.0.1 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-284277:277441"
        },
        "product_reference": "CSAFPID-284277",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-284789:277392"
        },
        "product_reference": "CSAFPID-284789",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-284789:277393"
        },
        "product_reference": "CSAFPID-284789",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-284789:277437"
        },
        "product_reference": "CSAFPID-284789",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-284789:277440"
        },
        "product_reference": "CSAFPID-284789",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-284789:277441"
        },
        "product_reference": "CSAFPID-284789",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1.1 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-286538:277392"
        },
        "product_reference": "CSAFPID-286538",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1.1 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-286538:277393"
        },
        "product_reference": "CSAFPID-286538",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1.1 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286538:277437"
        },
        "product_reference": "CSAFPID-286538",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286538:277440"
        },
        "product_reference": "CSAFPID-286538",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.1.1 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-286538:277441"
        },
        "product_reference": "CSAFPID-286538",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-286930:277392"
        },
        "product_reference": "CSAFPID-286930",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-286930:277393"
        },
        "product_reference": "CSAFPID-286930",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-286930:277437"
        },
        "product_reference": "CSAFPID-286930",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286930:277440"
        },
        "product_reference": "CSAFPID-286930",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-286930:277441"
        },
        "product_reference": "CSAFPID-286930",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2.1 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-287122:277392"
        },
        "product_reference": "CSAFPID-287122",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2.1 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-287122:277393"
        },
        "product_reference": "CSAFPID-287122",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2.1 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-287122:277437"
        },
        "product_reference": "CSAFPID-287122",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287122:277440"
        },
        "product_reference": "CSAFPID-287122",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.2.1 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-287122:277441"
        },
        "product_reference": "CSAFPID-287122",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.3 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-287181:277392"
        },
        "product_reference": "CSAFPID-287181",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.3 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-287181:277393"
        },
        "product_reference": "CSAFPID-287181",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.3 when installed on Cisco ASA 5500-X Series Firewalls",
          "product_id": "CSAFPID-287181:277437"
        },
        "product_reference": "CSAFPID-287181",
        "relates_to_product_reference": "CSAFPID-277437"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.3 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287181:277440"
        },
        "product_reference": "CSAFPID-287181",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.0.3 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-287181:277441"
        },
        "product_reference": "CSAFPID-287181",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-286091:277392"
        },
        "product_reference": "CSAFPID-286091",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-286091:277393"
        },
        "product_reference": "CSAFPID-286091",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286091:277440"
        },
        "product_reference": "CSAFPID-286091",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-286091:277441"
        },
        "product_reference": "CSAFPID-286091",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0 when installed on Cisco Secure Firewall 3100 Series",
          "product_id": "CSAFPID-286091:286865"
        },
        "product_reference": "CSAFPID-286091",
        "relates_to_product_reference": "CSAFPID-286865"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0.1 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-286543:277392"
        },
        "product_reference": "CSAFPID-286543",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0.1 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-286543:277393"
        },
        "product_reference": "CSAFPID-286543",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0.1 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-286543:277440"
        },
        "product_reference": "CSAFPID-286543",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0.1 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-286543:277441"
        },
        "product_reference": "CSAFPID-286543",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.1.0.2 when installed on Cisco Secure Firewall 3100 Series",
          "product_id": "CSAFPID-290467:286865"
        },
        "product_reference": "CSAFPID-290467",
        "relates_to_product_reference": "CSAFPID-286865"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.2.0 when installed on Cisco Firepower 2100 Series",
          "product_id": "CSAFPID-287081:277392"
        },
        "product_reference": "CSAFPID-287081",
        "relates_to_product_reference": "CSAFPID-277392"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.2.0 when installed on Cisco Firepower 1000 Series",
          "product_id": "CSAFPID-287081:277393"
        },
        "product_reference": "CSAFPID-287081",
        "relates_to_product_reference": "CSAFPID-277393"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.2.0 when installed on Cisco Firepower 9000 Series",
          "product_id": "CSAFPID-287081:277440"
        },
        "product_reference": "CSAFPID-287081",
        "relates_to_product_reference": "CSAFPID-277440"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.2.0 when installed on Cisco Firepower 4100 Series",
          "product_id": "CSAFPID-287081:277441"
        },
        "product_reference": "CSAFPID-287081",
        "relates_to_product_reference": "CSAFPID-277441"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Cisco Firepower Threat Defense Software 7.2.0 when installed on Cisco Secure Firewall 3100 Series",
          "product_id": "CSAFPID-287081:286865"
        },
        "product_reference": "CSAFPID-287081",
        "relates_to_product_reference": "CSAFPID-286865"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-20866",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwb88651"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwc28334"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220203",
          "CSAFPID-282695:277392",
          "CSAFPID-282695:277393",
          "CSAFPID-282695:277437",
          "CSAFPID-282695:277440",
          "CSAFPID-282695:277441",
          "CSAFPID-284277:277392",
          "CSAFPID-284277:277393",
          "CSAFPID-284277:277437",
          "CSAFPID-284277:277440",
          "CSAFPID-284277:277441",
          "CSAFPID-284789:277392",
          "CSAFPID-284789:277393",
          "CSAFPID-284789:277437",
          "CSAFPID-284789:277440",
          "CSAFPID-284789:277441",
          "CSAFPID-286091:277392",
          "CSAFPID-286091:277393",
          "CSAFPID-286091:277440",
          "CSAFPID-286091:277441",
          "CSAFPID-286091:286865",
          "CSAFPID-286538:277392",
          "CSAFPID-286538:277393",
          "CSAFPID-286538:277437",
          "CSAFPID-286538:277440",
          "CSAFPID-286538:277441",
          "CSAFPID-286543:277392",
          "CSAFPID-286543:277393",
          "CSAFPID-286543:277440",
          "CSAFPID-286543:277441",
          "CSAFPID-286930:277392",
          "CSAFPID-286930:277393",
          "CSAFPID-286930:277437",
          "CSAFPID-286930:277440",
          "CSAFPID-286930:277441",
          "CSAFPID-287081:277392",
          "CSAFPID-287081:277393",
          "CSAFPID-287081:277440",
          "CSAFPID-287081:277441",
          "CSAFPID-287081:286865",
          "CSAFPID-287122:277392",
          "CSAFPID-287122:277393",
          "CSAFPID-287122:277437",
          "CSAFPID-287122:277440",
          "CSAFPID-287122:277441",
          "CSAFPID-287181:277392",
          "CSAFPID-287181:277393",
          "CSAFPID-287181:277437",
          "CSAFPID-287181:277440",
          "CSAFPID-287181:277441",
          "CSAFPID-290467:286865",
          "CSAFPID-283788:277437",
          "CSAFPID-283788:277440",
          "CSAFPID-284175:277437",
          "CSAFPID-284175:277440",
          "CSAFPID-284342:277437",
          "CSAFPID-284342:277440",
          "CSAFPID-284600:277437",
          "CSAFPID-284600:277440",
          "CSAFPID-285970:277440",
          "CSAFPID-286190:277437",
          "CSAFPID-286190:277440",
          "CSAFPID-286192:277437",
          "CSAFPID-286192:277440",
          "CSAFPID-286396:277437",
          "CSAFPID-286396:277440",
          "CSAFPID-286583:277440",
          "CSAFPID-286584:277437",
          "CSAFPID-286584:277440",
          "CSAFPID-286867:277437",
          "CSAFPID-286867:277440",
          "CSAFPID-286868:277437",
          "CSAFPID-286868:277440",
          "CSAFPID-286880:277440",
          "CSAFPID-286906:277437",
          "CSAFPID-286906:277440",
          "CSAFPID-287042:277440",
          "CSAFPID-287079:277440",
          "CSAFPID-287200:277440",
          "CSAFPID-287201:277437",
          "CSAFPID-287201:277440",
          "CSAFPID-288207:277440",
          "CSAFPID-6588"
        ]
      },
      "release_date": "2022-08-10T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-220203",
            "CSAFPID-282695:277392",
            "CSAFPID-282695:277393",
            "CSAFPID-282695:277437",
            "CSAFPID-282695:277440",
            "CSAFPID-282695:277441",
            "CSAFPID-284277:277392",
            "CSAFPID-284277:277393",
            "CSAFPID-284277:277437",
            "CSAFPID-284277:277440",
            "CSAFPID-284277:277441",
            "CSAFPID-284789:277392",
            "CSAFPID-284789:277393",
            "CSAFPID-284789:277437",
            "CSAFPID-284789:277440",
            "CSAFPID-284789:277441",
            "CSAFPID-286091:277392",
            "CSAFPID-286091:277393",
            "CSAFPID-286091:277440",
            "CSAFPID-286091:277441",
            "CSAFPID-286091:286865",
            "CSAFPID-286538:277392",
            "CSAFPID-286538:277393",
            "CSAFPID-286538:277437",
            "CSAFPID-286538:277440",
            "CSAFPID-286538:277441",
            "CSAFPID-286543:277392",
            "CSAFPID-286543:277393",
            "CSAFPID-286543:277440",
            "CSAFPID-286543:277441",
            "CSAFPID-286930:277392",
            "CSAFPID-286930:277393",
            "CSAFPID-286930:277437",
            "CSAFPID-286930:277440",
            "CSAFPID-286930:277441",
            "CSAFPID-287081:277392",
            "CSAFPID-287081:277393",
            "CSAFPID-287081:277440",
            "CSAFPID-287081:277441",
            "CSAFPID-287081:286865",
            "CSAFPID-287122:277392",
            "CSAFPID-287122:277393",
            "CSAFPID-287122:277437",
            "CSAFPID-287122:277440",
            "CSAFPID-287122:277441",
            "CSAFPID-287181:277392",
            "CSAFPID-287181:277393",
            "CSAFPID-287181:277437",
            "CSAFPID-287181:277440",
            "CSAFPID-287181:277441",
            "CSAFPID-290467:286865",
            "CSAFPID-283788:277437",
            "CSAFPID-283788:277440",
            "CSAFPID-284175:277437",
            "CSAFPID-284175:277440",
            "CSAFPID-284342:277437",
            "CSAFPID-284342:277440",
            "CSAFPID-284600:277437",
            "CSAFPID-284600:277440",
            "CSAFPID-285970:277440",
            "CSAFPID-286190:277437",
            "CSAFPID-286190:277440",
            "CSAFPID-286192:277437",
            "CSAFPID-286192:277440",
            "CSAFPID-286396:277437",
            "CSAFPID-286396:277440",
            "CSAFPID-286583:277440",
            "CSAFPID-286584:277437",
            "CSAFPID-286584:277440",
            "CSAFPID-286867:277437",
            "CSAFPID-286867:277440",
            "CSAFPID-286868:277437",
            "CSAFPID-286868:277440",
            "CSAFPID-286880:277440",
            "CSAFPID-286906:277437",
            "CSAFPID-286906:277440",
            "CSAFPID-287042:277440",
            "CSAFPID-287079:277440",
            "CSAFPID-287200:277440",
            "CSAFPID-287201:277437",
            "CSAFPID-287201:277440",
            "CSAFPID-288207:277440",
            "CSAFPID-6588"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220203",
            "CSAFPID-282695:277392",
            "CSAFPID-282695:277393",
            "CSAFPID-282695:277437",
            "CSAFPID-282695:277440",
            "CSAFPID-282695:277441",
            "CSAFPID-284277:277392",
            "CSAFPID-284277:277393",
            "CSAFPID-284277:277437",
            "CSAFPID-284277:277440",
            "CSAFPID-284277:277441",
            "CSAFPID-284789:277392",
            "CSAFPID-284789:277393",
            "CSAFPID-284789:277437",
            "CSAFPID-284789:277440",
            "CSAFPID-284789:277441",
            "CSAFPID-286091:277392",
            "CSAFPID-286091:277393",
            "CSAFPID-286091:277440",
            "CSAFPID-286091:277441",
            "CSAFPID-286091:286865",
            "CSAFPID-286538:277392",
            "CSAFPID-286538:277393",
            "CSAFPID-286538:277437",
            "CSAFPID-286538:277440",
            "CSAFPID-286538:277441",
            "CSAFPID-286543:277392",
            "CSAFPID-286543:277393",
            "CSAFPID-286543:277440",
            "CSAFPID-286543:277441",
            "CSAFPID-286930:277392",
            "CSAFPID-286930:277393",
            "CSAFPID-286930:277437",
            "CSAFPID-286930:277440",
            "CSAFPID-286930:277441",
            "CSAFPID-287081:277392",
            "CSAFPID-287081:277393",
            "CSAFPID-287081:277440",
            "CSAFPID-287081:277441",
            "CSAFPID-287081:286865",
            "CSAFPID-287122:277392",
            "CSAFPID-287122:277393",
            "CSAFPID-287122:277437",
            "CSAFPID-287122:277440",
            "CSAFPID-287122:277441",
            "CSAFPID-287181:277392",
            "CSAFPID-287181:277393",
            "CSAFPID-287181:277437",
            "CSAFPID-287181:277440",
            "CSAFPID-287181:277441",
            "CSAFPID-290467:286865",
            "CSAFPID-283788:277437",
            "CSAFPID-283788:277440",
            "CSAFPID-284175:277437",
            "CSAFPID-284175:277440",
            "CSAFPID-284342:277437",
            "CSAFPID-284342:277440",
            "CSAFPID-284600:277437",
            "CSAFPID-284600:277440",
            "CSAFPID-285970:277440",
            "CSAFPID-286190:277437",
            "CSAFPID-286190:277440",
            "CSAFPID-286192:277437",
            "CSAFPID-286192:277440",
            "CSAFPID-286396:277437",
            "CSAFPID-286396:277440",
            "CSAFPID-286583:277440",
            "CSAFPID-286584:277437",
            "CSAFPID-286584:277440",
            "CSAFPID-286867:277437",
            "CSAFPID-286867:277440",
            "CSAFPID-286868:277437",
            "CSAFPID-286868:277440",
            "CSAFPID-286880:277440",
            "CSAFPID-286906:277437",
            "CSAFPID-286906:277440",
            "CSAFPID-287042:277440",
            "CSAFPID-287079:277440",
            "CSAFPID-287200:277440",
            "CSAFPID-287201:277437",
            "CSAFPID-287201:277440",
            "CSAFPID-288207:277440",
            "CSAFPID-6588"
          ]
        }
      ],
      "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Hardware Cryptographic RSA Malformed Key Vulnerability"
    }
  ]
}

gsd-2022-20866

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-20866

Aliases

CVE-2022-20866

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-20866",
    "description": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.",
    "id": "GSD-2022-20866"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20866"
      ],
      "details": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.",
      "id": "GSD-2022-20866",
      "modified": "2023-12-13T01:19:16.715138Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2022-08-10T23:00:00",
        "ID": "CVE-2022-20866",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "7.4",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-203"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
        "defect": [
          [
            "CSCwb88651",
            "CSCwc28334"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.18.2",
                    "versionStartIncluding": "9.18.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.17.1.13",
                    "versionStartIncluding": "9.17.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2.0.1",
                    "versionStartIncluding": "7.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.16.3.19",
                    "versionStartIncluding": "9.16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.0.4",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1030:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1040:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_firewall_3110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_firewall_3120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_firewall_3130:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:secure_firewall_3140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2022-20866"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-08-15T18:25Z",
      "publishedDate": "2022-08-10T17:15Z"
    }
  }
}

Action not permitted

cve-2022-20866

Vulnerability from cvelistv5

ghsa-96q7-c2w2-93p8

Vulnerability from github

cisco-sa-asaftd-rsa-key-leak-ms7uefzz

Vulnerability from csaf_cisco

gsd-2022-20866

Vulnerability from gsd

Tags