cve-2022-20828
Vulnerability from cvelistv5
Published
2022-06-24 15:25
Modified
2024-11-01 19:00
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
References
ykramarz@cisco.comhttp://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.htmlExploit, Third Party Advisory
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdGVendor Advisory
ykramarz@cisco.comhttps://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/Exploit, Third Party Advisory
Impacted products
CiscoCisco FirePOWER Services Software for ASA
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:50.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T18:42:47.498802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T19:00:55.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco FirePOWER Services Software for ASA",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-236",
              "description": "CWE-236",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-05T16:06:12",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG",
        "defect": [
          [
            "CSCwb32418"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-06-22T23:00:00",
          "ID": "CVE-2022-20828",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco FirePOWER Services Software for ASA",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-236"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
            },
            {
              "name": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/",
              "refsource": "MISC",
              "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
            },
            {
              "name": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG",
          "defect": [
            [
              "CSCwb32418"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20828",
    "datePublished": "2022-06-24T15:25:16.277268Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-11-01T19:00:55.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-20828\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-06-24T16:15:08.523\",\"lastModified\":\"2023-11-07T03:43:04.413\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el analizador de la CLI del software Cisco FirePOWER para el m\u00f3dulo FirePOWER de Adaptive Security Appliance (ASA) podr\u00eda permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema operativo subyacente de un m\u00f3dulo ASA FirePOWER afectado como usuario root. Esta vulnerabilidad es debido al manejo inapropiado de par\u00e1metros de comando no definidos. Un atacante podr\u00eda aprovechar esta vulnerabilidad usando un comando dise\u00f1ado en la CLI o enviando una petici\u00f3n HTTPS dise\u00f1ada a la interfaz de administraci\u00f3n basada en web del Cisco ASA que aloja el m\u00f3dulo ASA FirePOWER. Nota: Para aprovechar esta vulnerabilidad, el atacante debe tener acceso administrativo al Cisco ASA. Es esperado que un usuario que tenga acceso administrativo a un determinado Cisco ASA tambi\u00e9n tenga acceso administrativo al m\u00f3dulo ASA FirePOWER que est\u00e1 alojado en ese Cisco ASA\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-236\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.3.19\",\"matchCriteriaId\":\"2948FC9B-05A4-4E9B-9FE2-A4941CC94DD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndExcluding\":\"6.4.0.15\",\"matchCriteriaId\":\"7DF32EC7-CC7E-46F5-9D1E-E0EE461261A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.0\",\"versionEndExcluding\":\"6.6.7\",\"matchCriteriaId\":\"03F7B0B9-A618-4E8D-A767-A209A1FA0A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"7.0.2.1\",\"matchCriteriaId\":\"3D71271D-11C6-4F43-91EE-85D4419C9C8F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFE3880-4B85-4E23-9836-70875D5109F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"727A02E8-40A1-4DFE-A3A2-91D628D3044F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19F6546E-28F4-40DC-97D6-E0E023FE939B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D96810-5F79-4A83-B8CA-D015790FCF72\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FE2945-4975-4003-AE48-7E134E167A7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976901BF-C52C-4F81-956A-711AF8A60140\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CBC7F5-7767-43B6-9384-BE143FCDBD7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957D64EB-D60E-4775-B9A8-B21CA48ED3B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A694AD51-9008-4AE6-8240-98B17AB527EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38AE6DC0-2B03-4D36-9856-42530312CC46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71DCEF22-ED20-4330-8502-EC2DD4C9838F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB2822B-B752-4CD9-A178-934957E306B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F4868A-6D62-479C-9C19-F9AABDBB6B24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65378F3A-777C-4AE2-87FB-1E7402F9EA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAFDDA-718B-4B69-A524-B0CEB80FE960\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_management_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C29140C-1C4C-48DD-BED4-1FA0BFDC565D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_management_center_virtual_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B4F454C-D675-426F-961F-3A85BBF4AD4A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.