Cisco: Attackers could get private RSA keys in ASA and Firepower

Network equipment vendor Cisco has closed a security gap in ASA and Firepower with updated software. Attackers could read private RSA keys from affected devices.

A vulnerability in Cisco ASA and Firepower software could be exploited by attackers to read private RSA keys. A second vulnerability allows browser-based attacks against users of the Clientless SSL VPN. Cisco provides updated software for the first of the two; the second receives no fix.

Because of a logic error in how the software stores RSA keys in main memory on platforms with hardware-assisted cryptography, unauthenticated remote attackers could obtain the device's private RSA key (CVE-2022-20866, CVSS 7.4, risk "high"). To do so, an attacker would have to mount a so-called Lenstra side-channel attack against a vulnerable device: a fault attack on RSA signing in which a single incorrectly computed signature is enough to recover one of the prime factors of the key.
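The Lenstra attack the advisory refers to targets RSA implementations that sign with the Chinese Remainder Theorem speed-up: if one of the two half-computations (mod p or mod q) is wrong while the other is right, the faulty signature leaks a prime factor through a single gcd. The following Python is an added example written for this article, not code from the page or from Cisco. It uses a constructed toy key (two Mersenne primes, far too small for real use), simulates the fault by corrupting the mod-p half, recovers the factor both Lenstra's way (one faulty signature plus the message) and the Boneh-DeMillo-Lipton way (a good and a faulty signature), and shows the generic verify-before-release countermeasure. The fault model is an assumption that stands in for whatever the Cisco key-storage bug exposes; the real attack details are in the advisory.

```python
"""Added example: Lenstra-style fault attack on RSA-CRT signing (toy key)."""
import hashlib
from math import gcd

# Constructed toy key parameters (assumption for the demo, not a real key).
P = 2**127 - 1   # Mersenne prime M127
Q = 2**89 - 1    # Mersenne prime M89
E = 65537


def make_toy_key():
    """Return (n, e, d, p, q) for the constructed toy key."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # e is invertible mod phi(n) for these primes
    return n, E, d, P, Q


def message_to_int(msg: bytes, n: int) -> int:
    """Hash the message and reduce into Z_n (toy encoding; real RSA uses PSS/PKCS#1)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def crt_sign(m: int, d: int, p: int, q: int, fault_in_p: bool = False) -> int:
    """RSA signing with the CRT speed-up.

    fault_in_p=True simulates a computation fault that corrupts only the mod-p
    half of the signature; the mod-q half stays correct. That asymmetry is what
    the Lenstra attack exploits.
    """
    dp, dq = d % (p - 1), d % (q - 1)
    sp = pow(m, dp, p)
    sq = pow(m, dq, q)
    if fault_in_p:
        sp = (sp + 1) % p             # any wrong value for one half will do
    q_inv = pow(q, -1, p)
    h = (q_inv * (sp - sq)) % p       # Garner recombination
    return sq + q * h


def lenstra_recover_factor(m: int, faulty_sig: int, e: int, n: int) -> int:
    """Lenstra (1996): one faulty signature plus the signed value leaks a factor.

    s'^e - m is 0 modulo the prime whose half was computed correctly and
    non-zero modulo the other, so gcd(s'^e - m, n) is that prime.
    """
    return gcd((pow(faulty_sig, e, n) - m) % n, n)


def bdl_recover_factor(good_sig: int, faulty_sig: int, n: int) -> int:
    """Boneh-DeMillo-Lipton variant: needs a correct and a faulty signature."""
    return gcd((good_sig - faulty_sig) % n, n)


def sign_checked(m: int, n: int, e: int, d: int, p: int, q: int,
                 fault_in_p: bool = False) -> int:
    """Generic countermeasure (not Cisco's fix): verify under the public key
    before releasing a signature. A faulted signature fails and is withheld."""
    s = crt_sign(m, d, p, q, fault_in_p)
    if pow(s, e, n) != m:
        raise RuntimeError("faulty signature detected; withheld")
    return s


if __name__ == "__main__":
    n, e, d, p, q = make_toy_key()
    m = message_to_int(b"constructed sample message", n)
    good = crt_sign(m, d, p, q)
    bad = crt_sign(m, d, p, q, fault_in_p=True)
    print("good signature verifies:", pow(good, e, n) == m)
    print("faulty signature verifies:", pow(bad, e, n) == m)
    print("Lenstra recovers q:", lenstra_recover_factor(m, bad, e, n) == q)
    print("BDL recovers q:", bdl_recover_factor(good, bad, n) == q)
    try:
        sign_checked(m, n, e, d, p, q, fault_in_p=True)
    except RuntimeError as err:
        print("countermeasure:", err)
```

The point for defenders is the asymmetry: the attacker never needs to see the key, only one signature in which exactly one CRT half went wrong. Once a factor is known, the whole private key follows, which is why a key that was ever exposed this way must be replaced rather than merely protected by a software update.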

The affected Cisco appliances are the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X and ASA 5516-X, each with FirePOWER Services, as well as the Firepower 1000 Series Next-Generation Firewall, the Firepower 2100, 4100 and 9300 series, and the Secure Firewall 3100. ASA software releases 9.16.3.19, 9.17.1.13 and 9.18.2 and FTD releases 7.0.4, 7.1.0.2, 7.1.0.3 and 7.2.0.1 fix the vulnerability.

Older releases are not vulnerable, provided the RSA keys in use were not generated on a vulnerable release of ASA or FTD. In the security advisory, Cisco explains in detail how compromised devices and keys can be identified and how administrators should proceed.

Cisco also warns of a vulnerability in the Cisco ASA Clientless SSL VPN. Here, unauthenticated remote attackers could, under certain conditions, inject requests into a victim's browser session and thereby launch browser-based attacks, for example by luring the victim to a manipulated website (CVE-2022-20713, CVSS 4.3, "medium").

In the security advisory, the manufacturer states that proof-of-concept code demonstrating the vulnerability is publicly available. Affected are devices running ASA software release 9.17 or earlier with Clientless SSL VPN enabled. Cisco no longer supports this feature, classifies it as "deprecated" and recommends that administrators disable it. There is no software update to fix the flaw.

Administrators should download and install the updated software releases as soon as possible. They should also carry out the checks recommended in the advisory to determine whether the RSA keys in use may have been compromised; a software update alone does not invalidate a key that has already been extracted, so such keys need to be replaced.
