CVE-2022-20829 : A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability.

Published 2022-06-24 16:15:09

Updated 2022-10-26 19:46:46

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2022-20829

Cisco » Asa 5512-x Firmware
Versions before (<) 9.18.2
cpe:2.3:o:cisco:asa_5512-x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asa 5512-x » Version: N/A
Cisco » Asa 5515-x Firmware
Versions before (<) 9.18.2
cpe:2.3:o:cisco:asa_5515-x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asa 5515-x » Version: N/A
Cisco » Asa 5585-x Firmware
Versions before (<) 9.18.2
cpe:2.3:o:cisco:asa_5585-x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asa 5585-x » Version: N/A
Cisco » Adaptive Security Device Manager
Versions before (<) 7.18.1.150
cpe:2.3:a:cisco:adaptive_security_device_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 1010 » Version: N/A
When used together with: Cisco » Firepower 1120 » Version: N/A
When used together with: Cisco » Firepower 1140 » Version: N/A
When used together with: Cisco » Firepower 1150 » Version: N/A
When used together with: Cisco » Firepower 2110 » Version: N/A
When used together with: Cisco » Firepower 2120 » Version: N/A
When used together with: Cisco » Firepower 2130 » Version: N/A
When used together with: Cisco » Firepower 2140 » Version: N/A
When used together with: Cisco » Firepower 4110 » Version: N/A
When used together with: Cisco » Firepower 4112 » Version: N/A
When used together with: Cisco » Firepower 4115 » Version: N/A
When used together with: Cisco » Firepower 4120 » Version: N/A
When used together with: Cisco » Firepower 4125 » Version: N/A
When used together with: Cisco » Firepower 4140 » Version: N/A
When used together with: Cisco » Firepower 4145 » Version: N/A
When used together with: Cisco » Firepower 9300 » Version: N/A
Cisco » Isa 3000 Firmware
Versions before (<) 9.18.2
cpe:2.3:o:cisco:isa_3000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Isa 3000 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-20829

EPSS FAQ

5.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-20829

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	2.3	6.0	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-20829

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2022-20829

https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/

Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER | Rapid7 Blog
Exploit;Third Party Advisory

CVEs referencing this url
https://github.com/jbaines-r7/theway

GitHub - jbaines-r7/theway: A tool for extracting, modifying, and crafting ASDM binary packages (CVE-2022-20829)
Exploit;Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-20829

Products affected by CVE-2022-20829

Exploit prediction scoring system (EPSS) score for CVE-2022-20829

CVSS scores for CVE-2022-20829

CWE ids for CVE-2022-20829

References for CVE-2022-20829