CVE-2022-20940: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2022-20940) was discovered in the TLS handler of Cisco Firepower Threat Defense (FTD) Software, which was disclosed on November 9, 2022. The vulnerability affects devices running vulnerable releases of Cisco FTD Software with at least one active SSL decryption policy configured with 'Block with reset' behavior in response to decryption errors. This security flaw stems from improper implementation of countermeasures against Bleichenbacher attacks on devices using SSL decryption policies (Cisco Advisory).

The vulnerability has been assigned a CVSS Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It is categorized under CWE-203 (Observable Discrepancy). The vulnerability specifically affects Cisco FTD Software versions from 6.2.3 through 6.2.3.18, 6.3.0 through 6.3.0.5, 6.4.0 through 6.4.0.14, and 6.5.0 through 6.5.0.5 (NVD).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to gain access to sensitive information. The attacker could perform cryptanalytic operations that may enable the decryption of previously captured TLS sessions to the affected device (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available that address this vulnerability. Organizations using affected devices should upgrade to a fixed software version. The vulnerability was discovered during the resolution of a Cisco TAC support case (Cisco Advisory).