Cisco released several security patches on Wednesday to fix various software vulnerabilities that could be exploited to leak sensitive information from affected devices and solutions.
The vulnerability tracked as CVE-2022-20866 is rated high severity by Cisco (CVSS score: 7.4). It has been described as a “logical error” when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.
This vulnerability could be exploited through a side-channel attack to discover patterns that would reveal the device’s RSA private key. An attacker who obtains an RSA private key could use it to impersonate a device running Cisco ASA Software or Cisco FTD Software, or to decrypt traffic from the device.
Affected Products
Cisco has recently published a security advisory about its affected products:
Solution
Cisco recommends updating and patching the affected products. It has published software updates that fix the described vulnerabilities, which can be downloaded from the Software Center.