Key Vulnerability Information Summary

Vulnerability Overview
Name: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability
Advisory ID: cisco-sa-asaftd-ipsec-mitm-CKnLr4
CVE ID: CVE-2022-20742
CWE: CWE-325
CVSS Base Score: 7.4
Severity: High

Vulnerability Description
Cause: Improper implementation of Galois/Counter Mode (GCM) ciphers in the IPsec VPN library.
Impact: An unauthenticated remote attacker positioned to intercept traffic (a man-in-the-middle) on an affected IPsec IKEv2 VPN tunnel could collect a sufficient number of encrypted messages and use cryptanalytic techniques to break the encryption. A successful attack would allow the attacker to decrypt, read, modify, and re-encrypt data carried across the tunnel.

Affected Products
Affected Products: Various Firepower devices and Firepower 9300 Security Appliances running certain releases of Cisco ASA Software and Cisco FTD Software.
Unaffected Products: 3000 Series Industrial Security Appliances (ISAs), ASA 5505 Series, and ASA 5500-X Series, among others.

Temporary Mitigation
Workaround: Reconfigure all existing IPsec IKEv2 proposals to use non-GCM ciphers. Note that the peer on the other end of each tunnel must offer a matching proposal, otherwise the tunnel will fail to negotiate after the change.

Solution
Software Update: Cisco has released free software updates, covering multiple releases of ASA Software and FTD Software.
Service Contracts: Customers with service contracts should obtain the security fix through their normal software update channels.
Customers Without Service Contracts: Contact the Cisco Technical Assistance Center (TAC) or an authorized maintenance provider to obtain the upgrade.

Public Disclosure and Exploitation
Announcement: Cisco PSIRT is not aware of any public disclosure or malicious exploitation of this vulnerability. The vulnerability was found during internal security testing.

URL
Cisco Security Advisory
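To apply the workaround you first need to know which IKEv2 IPsec proposals on a device still use GCM. The following script is an added example, not Cisco's code or part of the advisory: it parses the `crypto ipsec ikev2 ipsec-proposal` blocks of an ASA running-config, reports any proposal whose ESP encryption list contains an aes-gcm cipher, and prints equivalent non-GCM replacement commands. The proposal names, the crypto map name, and the configuration excerpt itself are constructed for illustration; the choice of AES-CBC with SHA-256 integrity as the replacement is one valid non-GCM option, not the only one.

```python
"""Audit an ASA running-config excerpt for IKEv2 IPsec proposals that use GCM ciphers.

Added example (not Cisco code). GCM proposals are the configuration the advisory's
workaround says to replace with non-GCM ciphers. Run stand-alone to see the report.
"""
import re
from typing import Dict, List

# Constructed sample config: one GCM proposal and one AES-CBC/SHA proposal.
# Proposal names, map name and sequence number are made up for illustration.
SAMPLE_CONFIG = """\
crypto ipsec ikev2 ipsec-proposal GCM-PROPOSAL
 protocol esp encryption aes-gcm-256 aes-gcm-192 aes-gcm
 protocol esp integrity null
crypto ipsec ikev2 ipsec-proposal AES-SHA-PROPOSAL
 protocol esp encryption aes-256 aes-192 aes
 protocol esp integrity sha-256
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal GCM-PROPOSAL AES-SHA-PROPOSAL
"""

PROPOSAL_RE = re.compile(r"^crypto ipsec ikev2 ipsec-proposal (\S+)\s*$")
ENCRYPTION_RE = re.compile(r"^\s+protocol esp encryption (.+?)\s*$")


def parse_ikev2_proposals(config: str) -> Dict[str, List[str]]:
    """Return {proposal_name: [ESP encryption ciphers]} for every IKEv2 IPsec proposal block."""
    proposals: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        header = PROPOSAL_RE.match(line)
        if header:
            current = header.group(1)
            proposals[current] = []
            continue
        if current is None:
            continue
        if not line.startswith(" "):  # an unindented line ends the proposal block
            current = None
            continue
        enc = ENCRYPTION_RE.match(line)
        if enc:
            proposals[current].extend(enc.group(1).split())
    return proposals


def gcm_proposals(config: str) -> Dict[str, List[str]]:
    """Proposals whose encryption list includes any aes-gcm variant, with the offending ciphers."""
    return {
        name: [c for c in ciphers if c.startswith("aes-gcm")]
        for name, ciphers in parse_ikev2_proposals(config).items()
        if any(c.startswith("aes-gcm") for c in ciphers)
    }


def non_gcm_replacement(name: str) -> List[str]:
    """CLI lines that rewrite a proposal to AES-CBC with SHA-256 integrity.

    GCM is an AEAD mode and is paired with `integrity null`; a CBC cipher needs an explicit
    integrity algorithm, so the replacement sets one rather than leaving null in place.
    """
    return [
        f"crypto ipsec ikev2 ipsec-proposal {name}",
        " protocol esp encryption aes-256 aes-192 aes",
        " protocol esp integrity sha-256",
    ]


def report(config: str) -> None:
    """Print the GCM proposals found and the replacement commands for each."""
    flagged = gcm_proposals(config)
    if not flagged:
        print("No IKEv2 IPsec proposals use GCM ciphers.")
        return
    for name, ciphers in flagged.items():
        print(f"{name}: uses GCM ciphers {', '.join(ciphers)}")
        print("\n".join(non_gcm_replacement(name)))


if __name__ == "__main__":
    report(SAMPLE_CONFIG)
```

The script checks only the IPsec (ESP) proposals named in the workaround. The `aes-gmac` keywords are GCM-derived (authentication-only GCM) and are not flagged here; review them against the advisory before deciding whether they are in scope. On FTD, the same proposals are edited through the management platform's IKEv2 IPsec proposal objects rather than on the device CLI.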