Published: 24/06/2022 Updated: 07/11/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 940

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote malicious user to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco asa_firepower

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user This vulnerability is due to improper handling of undefined command ...

This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user Access to the virtual machine allows the attacker to pivot to the inside n ...

This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user Access to the virtual machine allows the attacker to ...

This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the affects of the `lockdown-sensor` command (e.g. the virtual machine's bash shell shouldn't be available but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA that support the ASA FirePOWER module (at least Cisco ASA-X with FirePOWER Service, and Cisco ISA 3000). The vulnerability has been patched in ASA FirePOWER module versions 6.2.3.19, 6.4.0.15, 6.6.7, and 7.0.21. The following versions will receive no patch: 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*.

msf > use exploit/linux/http/cisco_asax_sfr_rce
msf exploit(cisco_asax_sfr_rce) > show targets
    ...targets...
msf exploit(cisco_asax_sfr_rce) > set TARGET < target-id >
msf exploit(cisco_asax_sfr_rce) > show options
    ...show and set options...
msf exploit(cisco_asax_sfr_rce) > exploit

Cisco ASA Software and ASDM Security Research

Cisco ASA Research This repository contains slides and code presented at Black Hat USA 2022 and DEF CON 30 The following can be found: Slides DEF CON 30 and Black Hat slide decks The DEF CON deck is slightly longer due to a longer time slot theway - a tool for creating malicious/distributable ASDM packages for the Cisco ASA (CVE-2022-20829) whatsup - a tool for creating

Cisco warns of security holes in its security appliances

The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Bugs potentially useful for rogue insiders, admin account hijackers

Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacture...

CVE-2022-20828

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Metasploit Modules

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect