Lucene search

[email protected]CVE-2022-20828

HistoryJun 24, 2022 - 4:15 p.m.

CVE-2022-20828

2022-06-2416:15:08

CWE-236

[email protected]

web.nvd.nist.gov

vulnerability

cli parser

cisco firepower software

asa

firepower module

cve-2022-20828

security

remote attacker

arbitrary commands

authentication

nvd

cisco asa

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.137 Low

EPSS

Percentile

95.7%

JSON

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.

Affected configurations

NVD

Node

ciscoasa_firepowerRange<6.2.3.19

ciscoasa_firepowerRange6.3.0–6.4.0.15

ciscoasa_firepowerRange6.5.0–6.6.7

ciscoasa_firepowerRange6.7.0–7.0.2.1

AND

ciscofirepower_1010Match-

ciscofirepower_1120Match-

ciscofirepower_1140Match-

ciscofirepower_1150Match-

ciscofirepower_2110Match-

ciscofirepower_2120Match-

ciscofirepower_2130Match-

ciscofirepower_2140Match-

ciscofirepower_4110Match-

ciscofirepower_4112Match-

ciscofirepower_4115Match-

ciscofirepower_4120Match-

ciscofirepower_4125Match-

ciscofirepower_4140Match-

ciscofirepower_4145Match-

ciscofirepower_4150Match-

ciscofirepower_9300Match-

ciscofirepower_management_centerMatch-

ciscofirepower_management_center_virtual_applianceMatch-

CPENameOperatorVersion
cisco:asa_firepowercisco asa firepowerlt6.2.3.19
cisco:asa_firepowercisco asa firepowerlt6.4.0.15
cisco:asa_firepowercisco asa firepowerlt6.6.7
cisco:asa_firepowercisco asa firepowerlt7.0.2.1

CPE	Name	Operator	Version
cisco:asa_firepower	cisco asa firepower	lt	6.2.3.19
cisco:asa_firepower	cisco asa firepower	lt	6.4.0.15
cisco:asa_firepower	cisco asa firepower	lt	6.6.7
cisco:asa_firepower	cisco asa firepower	lt	7.0.2.1

CNA Affected

[
  {
    "product": "Cisco FirePOWER Services Software for ASA ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]