2 matches found
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 CVSS score: 7.4, has been described as a "logic error" when handling RSA keys on devices...
CVE-2022-20866
CVE-2022-20866 is a Cisco RSA private-key leakage flaw affecting Cisco ASA/FTD software due to a logic error in in-memory RSA key handling on hardware crypto platforms. An unauthenticated, remote attacker could perform a Lenstra side-channel attack to recover private keys, potentially impersonate...