CVE-2022-20828
Published: 24 June 2022
Summary
CVE-2022-20828 is a medium-severity Improper Handling of Undefined Parameters (CWE-236) vulnerability in Cisco Asa Firepower. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 2.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER modules stems from improper handling of undefined command parameters. This flaw affects the ASA FirePOWER module hosted on Cisco ASA devices and enables execution of arbitrary commands on the underlying operating system as the root user. The issue is tracked under CVE-2022-20828 with a CVSS 3.1 score of 6.5.
An authenticated remote attacker who already possesses administrative access to the Cisco ASA can exploit the vulnerability by submitting a crafted command through the CLI or a crafted HTTPS request to the web-based management interface. Successful exploitation grants root-level command execution on the ASA FirePOWER module's operating system, affecting confidentiality and integrity but not availability.
The Cisco Security Advisory cisco-sa-asasfr-cmd-inject-PE4GfdG addresses the issue, and public analysis from Rapid7 along with proof-of-concept material on Packet Storm further document the command injection vector.
EPSS for this CVE rose from lower values to a peak of 0.8063 before receding to the current 0.5304, indicating a clear post-disclosure increase in exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-26078
Vulnerability details
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the…
more
root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.