Main
Vulnerability Database
Exploits
ID:8240 - Exploit for Observable discrepancy in Cisco Systems, Inc products - CVE-2022-20866
ID:8240 - Exploit for Observable discrepancy in Cisco Systems, Inc products - CVE-2022-20866
Published: August 11, 2022
Vulnerability identifier: #VU66391
Vulnerability risk: Medium
CVE-ID: CVE-2022-20866
CWE-ID: CWE-203
Exploitation vector: Remote access
Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Cisco Firewall Threat Defense (FTD)
ASA 5506-X with FirePOWER Services
ASA 5506H-X with FirePOWER Services
ASA 5506W-X with FirePOWER Services
ASA 5508-X with FirePOWER Services
ASA 5516-X with FirePOWER Services
Firepower 1000 Series Next-Generation Firewall
Firepower 2100 Series Security Appliances
Firepower 4100 Series Security Appliances
Firepower 9300 Series Security Appliances
Secure Firewall 3100
Cisco Adaptive Security Appliance (ASA)
Cisco Firewall Threat Defense (FTD)
ASA 5506-X with FirePOWER Services
ASA 5506H-X with FirePOWER Services
ASA 5506W-X with FirePOWER Services
ASA 5508-X with FirePOWER Services
ASA 5516-X with FirePOWER Services
Firepower 1000 Series Next-Generation Firewall
Firepower 2100 Series Security Appliances
Firepower 4100 Series Security Appliances
Firepower 9300 Series Security Appliances
Secure Firewall 3100
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. A remote attacker can perform a Lenstra side-channel attack and retrieve the RSA private key.
Remediation
Install updates from vendor's website.