Security Experts:

Connect with us

Hi, what are you looking for?



Cisco Patches High-Severity Vulnerability in Security Solutions

Cisco this week announced the release of patches for a high-severity vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow an unauthenticated attacker to leak an RSA private key.

Cisco this week announced the release of patches for a high-severity vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow an unauthenticated attacker to leak an RSA private key.

The ASA software is the core operating system of Cisco’s ASA security devices, which provide protection to data centers and corporate networks, while the FTD software delivers next-generation firewall services.

Tracked as CVE-2022-20866, the vulnerability exists because of “a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography,” Cisco notes in its advisory.

A threat actor using a Lenstra side-channel attack against a vulnerable device could exploit the security bug to retrieve the RSA private key.

“This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key,” Cisco explains.

The tech company also notes that a valid RSA key may have specific characteristics making it vulnerable to the leak, or may be malformed and invalid, being created by a vulnerable software release that created an invalid RSA signature – leading to failed verification.

In either case, an attacker may use the obtained RSA private key to impersonate a device running ASA or FTD software, or to decrypt the device traffic.

The vulnerability, Cisco explains, impacts the following ASA devices with FirePOWER services: ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, and ASA 5516-X, as well as the Firepower 1000 series next-gen firewalls, the Firepower 2100, 4100, and 9300 series security appliances, and the Secure Firewall 3100 products.

Only ASA software releases 9.16.1 and later and FTD software releases 7.0.0 and later are impacted by this vulnerability. ASA software releases,, and 9.18.2, and FTD software releases 7.0.4,, and address the security flaw.

“As the result of this vulnerability, Cisco ASA or FTD device administrators may need to remove malformed or susceptible RSA keys and possibly revoke any certificates associated with those RSA keys. This is because it is possible the RSA private key has been leaked to a malicious actor,” Cisco says.

The tech company also notes that information on this vulnerability has already been made public, but that it is not aware of any exploitation attempts.

On Wednesday, Cisco also announced patches for a request smuggling vulnerability in the Clientless SSL VPN (WebVPN) component of ASA software, which could allow an unauthenticated, remote attacker to launch attacks from the browser, by tricking the victim into accessing a malicious website.

Cisco deprecated support for the vulnerable component in ASA software release 9.17(1) and encourages customers to upgrade to a non-vulnerable release. As a possible workaround, customers could disable the Clientless SSL VPN feature, which could impact functionality or performance.

Tracked as CVE-2022-20713, the vulnerability is considered ‘medium severity’, but proof-of-concept exploit code targeting the bug is already available publicly.

In coordination with a Rapid7 talk at the Black Hat 2022 conference in Las Vegas, Cisco also updated a series of previously published advisories detailing high- and medium-severity vulnerabilities in ASA software, Adaptive Security Device Manager (ASDM), and FTD software.

Some of these vulnerabilities – such as CVE-2022-20651, CVE-2022-20828, and others – have already been addressed, but others have yet to be properly fixed, or they have yet to receive a patch at all.

Rapid7 has published a blog post detailing its findings. The cybersecurity firm has identified 10 issues, but it has not reached a consensus with Cisco regarding the impact and resolution of some flaws.

Related: Cisco Patches Critical Vulnerability in Email Security Appliance

Related: Cisco Warns of Exploitation Attempts Targeting New IOS XR Vulnerability

Related: Cisco Patches 11 High-Severity Vulnerabilities in Security Products

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.