Vulnerability identifier: #VU73975

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2023-20107

CWE-ID: CWE-320

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adaptive Security Appliance 5506-X
Hardware solutions / Firmware
Adaptive Security Appliance 5506H-X
Hardware solutions / Firmware
Adaptive Security Appliance 5506W-X
Hardware solutions / Firmware
Adaptive Security Appliance 5508-X
Hardware solutions / Firmware
Adaptive Security Appliance 5516-X
Hardware solutions / Firmware
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware applicances
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause a cryptographic collision.

The vulnerability exists due to insufficient entropy in the deterministic random bit generator (DRBG) for the affected hardware platforms when generating cryptographic keys. A remote attacker can generate a large number of cryptographic keys, discover the private key and decrypt traffic that is sent to or from the target device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Adaptive Security Appliance 5506-X: All versions

Adaptive Security Appliance 5506H-X: All versions

Adaptive Security Appliance 5506W-X: All versions

Adaptive Security Appliance 5508-X: All versions

Adaptive Security Appliance 5516-X: All versions

---

CPE

• cpe:2.3:h:cisco_systems:adaptive_security_appliance_5506-x:*:*:*:*:*:*:*:*

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa5500x-entropy-6v9bHVYP

---

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?