#VU73975 Key management errors in Cisco Systems, Inc products - CVE-2023-20107


Vulnerability identifier: #VU73975

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-20107

CWE-ID: CWE-320

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adaptive Security Appliance 5506-X
Hardware solutions / Firmware
Adaptive Security Appliance 5506H-X
Hardware solutions / Firmware
Adaptive Security Appliance 5506W-X
Hardware solutions / Firmware
Adaptive Security Appliance 5508-X
Hardware solutions / Firmware
Adaptive Security Appliance 5516-X
Hardware solutions / Firmware
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware appliances
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware appliances

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause a cryptographic collision.

The vulnerability exists due to insufficient entropy in the deterministic random bit generator (DRBG) for the affected hardware platforms when generating cryptographic keys. A remote attacker can generate a large number of cryptographic keys, discover the private key and decrypt traffic that is sent to or from the target device.
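Low-entropy key generation can surface as the same public key appearing on more than one device. The following fleet audit is an added example, not code from this bulletin or the vendor advisory: it fingerprints collected public keys and flags any key shared between hosts. The inventory layout, hostnames and key blobs are constructed assumptions.

```python
import base64
import hashlib
from collections import defaultdict

def _blob(label):
    """Build a constructed placeholder key blob (not a real key)."""
    return base64.b64encode(label.encode()).decode()

# Constructed inventory, one "<host> <key-type> <base64-blob>" entry per line.
SAMPLE_INVENTORY = "\n".join([
    "# constructed sample data",
    f"asa-a.example.net ssh-rsa {_blob('constructed-key-1')}",
    f"asa-b.example.net ssh-rsa {_blob('constructed-key-2')}",
    f"asa-c.example.net ssh-rsa {_blob('constructed-key-1')}",
    f"asa-c.example.net ssh-rsa {_blob('constructed-key-1')}",  # repeat scan
    f"asa-d.example.net ecdsa-sha2-nistp256 {_blob('constructed-key-3')}",
    "asa-e.example.net ssh-rsa",              # truncated entry
    "asa-f.example.net ssh-rsa not*base64!",  # corrupt blob
])

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_shared_keys(inventory_text):
    """Return ({(key_type, fingerprint): [hosts]}, [skipped line numbers])."""
    hosts_by_key = defaultdict(set)
    skipped = []
    for lineno, line in enumerate(inventory_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            skipped.append(lineno)
            continue
        host, key_type, blob = parts[:3]
        try:
            hosts_by_key[(key_type, fingerprint(blob))].add(host)
        except ValueError:  # binascii.Error (bad base64) is a ValueError
            skipped.append(lineno)
    # A key counts as shared only when distinct hosts present it.
    shared = {k: sorted(h) for k, h in hosts_by_key.items() if len(h) > 1}
    return shared, skipped

if __name__ == "__main__":
    shared, skipped = find_shared_keys(SAMPLE_INVENTORY)
    for (key_type, fp), hosts in shared.items():
        print(f"{key_type} {fp} shared by: {', '.join(hosts)}")
    print("unparsed lines:", skipped)
```

Any host reported here should have its keys regenerated after the update is installed, since the existing key material was produced by the weak generator.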

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Adaptive Security Appliance 5506-X: All versions

Adaptive Security Appliance 5506H-X: All versions

Adaptive Security Appliance 5506W-X: All versions

Adaptive Security Appliance 5508-X: All versions

Adaptive Security Appliance 5516-X: All versions

Cisco Adaptive Security Appliance (ASA): before 9.12.1, 9.12.1

Cisco Firepower Threat Defense (FTD): before 6.4.0, 6.4.0


External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa5500x-entropy-6v9bHVYP


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

