Vulnerability in Cisco Adaptive Security Appliance Software
CVE-2022-20866
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private ke…
EPSS: 0.166 (96.6th percentile).
CVSS v3 metric
CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.
References
- psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-20866?
  CVE-2022-20866 is a high-severity vulnerability in Cisco Adaptive Security Appliance Software, classified under Observable Discrepancy. CVSS score: 7.4/10. Published 2022-08-10.
- How severe is CVE-2022-20866?
  High severity. CVSS v3 base score is 7.4 out of 10.
- Is CVE-2022-20866 known to be exploited?
  17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.