Cisco Security Updates - 11 August 2022

183/2022
Critical
August 11, 2022
2:24 pm

Cisco has released a security update to fix several vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to gain access, obtain information and cause a denial of service on the affected systems.

The impacted products:

Cisco ASA Software or FTD Software with vulnerable AnyConnect or WebVPN configuration
ASA 5506-X with FirePOWER Services
ASA 5506H-X with FirePOWER Services
ASA 5506W-X with FirePOWER Services
ASA 5508-X with FirePOWER Services
ASA 5516-X with FirePOWER Services
Firepower 1000 Series Next-Generation Firewall
Firepower 2100 Series Security Appliances
Firepower 4100 Series Security Appliances
Firepower 9300 Series Security Appliances
Secure Firewall 3100
Cisco ASA Software with the Clientless SSL VPN feature enabled
Cisco ASDM
Cisco ASA Software

Sample of the addressed vulnerabilities:

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software code execution (CVE-2022-20829):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software denial of service (CVE-2022-20715)
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software information disclosure (CVE-2022-20866)
- CVSS: 7.4
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information

It should be highlighted that the mentioned “CVE-2022-20866” security flaw is due to a weakness in handling RSA keys on ASA and FTD devices that affects Cisco products running vulnerable Cisco ASA (9.16.1 and later) or Cisco FTD (7.0.0 and later) therefore If successfully exploited, it can let unauthenticated attackers retrieve an RSA private key remotely, which they can use to decrypt the device traffic or impersonate Cisco ASA/FTD devices.

Cisco recommends administrators of Cisco ASA or FTD should remove malformed or susceptible RSA keys and possibly revoke any certificates associated with those RSA keys as the RSA private key may have been leaked to a malicious actor.

Vulnerabilities

CVE-2022-20715
CVE-2022-20866
CVE-2022-20713
CVE-2022-20829
CVE-2021-1585

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.
https://tools.cisco.com/security/center/publicationListing.x?

References

https://tools.cisco.com/security/center/publicationListing.x?

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.