Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.

The issue, assigned the identifier CVE-2022-20866, has been described as a “Logic error” when handling RSA keys on devices running Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software.

“If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic,” Cisco warned in an advisory issued on August 10.

Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later.

The company said the weakness, CVE-2022-20713, impact Cisco devices running a release of Cisco ASA Software earlier than release 9.17(1) and have the Clientless SSL VPN feature turned on.

The development comes as cybersecurity firm Rapid7 disclosed details of 10 bugs found in ASA, Adaptive Security Device Manager, and FirePOWER Services Software for ASA, seven of which have since been addressed by Cisco.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.


What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

This field is for validation purposes and should be left unchanged.
Scroll to Top


Enter Your
Corporate Email

This site is registered on as a development site.