CVE-2022-20828 An attacker could exploit a vulnerability in the CLI parser of Cisco FirePOWER Software for ASA FirePOWER module to execute arbitrary commands on the underlying operating system.

An attacker could exploit this vulnerability by having a user on the network attempt to use a crafted command on the CLI of the Cisco ASA or by submitting a crafted HTTP request to the web-based management interface of the Cisco ASA. Cisco ASA software provides an interface for users to view the status of the module and change the configuration as well as view the status of the module. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Cisco Firewall-1, Cisco ASA, Cisco Catalyst switches, and Cisco Industrial Control Systems (ICS) are vulnerable if they are running software releases 1.0.0 or later. Cisco FirePOWER, Cisco ASA on HP or ML, Cisco ICS software running on the ia64 architecture is also vulnerable. Cisco FirePOWER, Cisco ASA on HP or ML, Cisco ICS software running on the ia64 architecture are also vulnerable. Cisco FirePOWER, Cisco ASA on HP or ML, Cisco ICS software running on the ia64 architecture are also vulnerable. Cisco FirePOWER, Cisco ASA on HP or ML, Cisco ICS software running on the ia64 architecture are also vulnerable. Cisco FirePOWER, Cisco ASA on HP or ML, Cisco ICS software running on the ia64 architecture are also vulnerable. Cisco FirePOWER, Cisco ASA on HP or ML, Cisco ICS software running on the ia

Cisco Common Vulnerabilities and Exposures (CVE) project

Cisco Common Vulnerabilities and Exposures (CVE) is the company's coordinated vulnerability disclosure program. It is operated by Cisco's Security Response Center in coordination with other members of the security community who have discovered vulnerabilities in Cisco products or services.

Cisco FirePOWER Software

A vulnerability in the Cisco ASA software could allow attackers to remotely execute malicious code on vulnerable devices. The vulnerability is due to improper handling of the Cisco ASA configuration process. An attacker could exploit this vulnerability by having a user on the network attempt to use a crafted command on the CLI of the Cisco ASA or by submitting a crafted HTTP request to the web-based management interface of the Cisco ASA.

Timeline

Published on: 06/24/2022 16:15:00 UTC
Last modified on: 08/16/2022 18:15:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG
• https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20828