Vulnerability Details : CVE-2022-20828
Public exploit exists!
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.
Exploit prediction scoring system (EPSS) score for CVE-2022-20828
Probability of exploitation activity in the next 30 days: 10.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2022-20828
-
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
Disclosure Date: 2022-06-22First seen: 2022-12-23exploit/linux/http/cisco_asax_sfr_rceThis module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root
CVSS scores for CVE-2022-20828
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
1.2
|
5.2
|
Cisco Systems, Inc. |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2022-20828
-
The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2022-20828
-
https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER | Rapid7 BlogExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html
Cisco ASA-X With FirePOWER Services Authenticated Command Injection ≈ Packet StormExploit;Third Party Advisory
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection VulnerabilityVendor Advisory
Products affected by CVE-2022-20828
- cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*