Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions



Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.

The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a “logic error” when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.

Successful exploitation of the flaw could allow an attacker to retrieve the RSA private key by means of a Lenstra side-channel attack against the targeted device.

Read more…