CVE-2022-20829 Cisco ASDM images could have a vulnerability that allows an attacker with administrative privileges to access them.

or could allow the attacker to bypass the ASDM login screen and gain privileged access to the targeted user’s device. The default setting of the “Disable remote access” feature in the “Network” tab of the Cisco ASA WebVPN configuration will protect users from this vulnerability. The Cisco ASA Software provides a secure way for administrators to control the installation of ASDM images. Cisco ASA Software verifies the signature of an ASDM image using a signature that is downloaded from a trusted source and then validates that the signature of the image matches the signature in the image itself. If the image is verified to be authentic, then the installation of the image is validated. However a weakness in the validation of the authenticity of an ASDM image could allow an attacker to provide an incorrect or malicious signature for the image and then install the image without it being validated. An attacker could exploit this vulnerability by providing a malicious signature for an ASDM image. A successful exploit could allow the attacker to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software and then install the image on the device without it being validated. In some cases, the installation of the image could be validated and the malicious code could still execute on the device

Summary

A vulnerability exists in the validation of ASDM images. An attacker could exploit this vulnerability by providing a malicious signature for an ASDM image. A successful exploit could allow the attacker to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software and then install the image on the device without it being validated. In some cases, the installation of the image could be validated and the malicious code could still execute on the device

Vulnerability Scenario

An attacker could exploit this vulnerability by providing a malicious signature for an ASDM image. A successful exploit could allow the attacker to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software and then install the image on the device without it being validated. In some cases, the installation of the image could be validated and the malicious code could still execute on the device.

Timeline

Published on: 06/24/2022 16:15:00 UTC
Last modified on: 08/16/2022 18:15:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm
• https://github.com/jbaines-r7/theway
• https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20829