Design/Logic Flaw

2022-05-0304:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel.

CPENameOperatorVersion
adaptive_security_appliance_softwarege9.17.0
adaptive_security_appliance_softwarelt9.17.1.7
adaptive_security_appliance_softwarege9.16.0
adaptive_security_appliance_softwarelt9.16.2.14
adaptive_security_appliance_softwarege9.15.0
adaptive_security_appliance_softwarelt9.15.1.21
adaptive_security_appliance_softwarelt9.12.4.38
adaptive_security_appliance_softwarege9.13.0
adaptive_security_appliance_softwarelt9.14.4
firepower_threat_defenseeq7.1.0

Name	Operator	Version
adaptive_security_appliance_software	ge	9.17.0
adaptive_security_appliance_software	lt	9.17.1.7
adaptive_security_appliance_software	ge	9.16.0
adaptive_security_appliance_software	lt	9.16.2.14
adaptive_security_appliance_software	ge	9.15.0
adaptive_security_appliance_software	lt	9.15.1.21
adaptive_security_appliance_software	lt	9.12.4.38
adaptive_security_appliance_software	ge	9.13.0
adaptive_security_appliance_software	lt	9.14.4
firepower_threat_defense	eq	7.1.0