Cisco ASA/FTD IPsec IKEv2 GCM Implementation Flaw Allows MITM (CVE-2022-20742)

Key Vulnerability Information Summary Vulnerability Overview Name: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability ID: cisco-sa-asaftd-ipsec-mitm-CKnLr4 CVE ID: CVE-2022-20742 CVE-325: CWE-325 CVSS Base Score: 7.4 Severity: High Vulnerability Description Cause: Improper implementation of the Galois/Counter Mode (GCM) cipher mode in the IPsec VPN library. Impact: An unauthenticated remote attacker can intercept sufficient encrypted messages within the affected IPsec IKEv2 VPN tunnel and use cryptanalysis techniques to break the encryption, enabling them to read, modify, and re-encrypt data. Affected Products Affected Products: Various Firepower devices and Firepower 9300 Security Appliances running certain versions of Cisco ASA Software and Cisco FTD Software. Unaffected Products: Includes 3000 Series Industrial Security Appliances, ASA 5505 Series, ASA 5500-X Series, etc. Temporary Mitigation Workaround: Reconfigure all existing IPsec IKEv2 proposals to use non-GCM ciphers. Solution Software Update: Cisco has released free software updates, including multiple versions of ASA Software and FTD Software. Service Contracts: Customers with service contracts should obtain the security fix through normal software update channels. Seamless Updates: For customers without service contracts, contact Cisco Technical Assistance Center (TAC) or an authorized maintenance provider to obtain the upgrade. Public Disclosure and Exploitation Announcement: Cisco PSIRT has not identified any public disclosures or malicious exploitation of this vulnerability. The vulnerability was discovered during internal security testing. URL Cisco Security Advisory

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ASA/FTD IPsec IKEv2 GCM Implementation Flaw Allows MITM (CVE-2022-20742)