Cisco Bug: CSCuq37448 - Cisco ASA Failover IPSEC does not encrypt failover link
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: The use of failover key or failover ipsec <preshared key> do not encrypt messages going through the failover link. Failover link messages include information about state of connection table and connection replication. An attacker that is able to MitM the failover link could exploit this to manipulate or make inconsistent the information on the standby unit. The fix is available only for failover ipsec preshared key configuration This vulnerability was reported to Cisco by Alec STUART-MUIRK Conditions: Failover link needs to be configured.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases