CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-20829

CVSS 9.1v3.1pub. 2022-06-24upd. 2024-11-21

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Cisco Adaptive Security Device Manager

    APP
    Cisco
    < 7.18.1.150
  • Cisco Asa 5512 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asa 5512 X Firmware

    OS
    Cisco
    < 9.18.2
  • Cisco Asa 5515 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asa 5515 X Firmware

    OS
    Cisco
    < 9.18.2
  • Cisco Asa 5585 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asa 5585 X Firmware

    OS
    Cisco
    < 9.18.2
  • Cisco Firepower 1010

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 1120

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 1140

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 1150

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2110

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2120

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2130

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 2140

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4110

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4112

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4115

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4120

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4125

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4140

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 4145

    HW
    Cisco
    wszystkie wersje
  • Cisco Firepower 9300

    HW
    Cisco
    wszystkie wersje
  • Cisco Isa 3000

    HW
    Cisco
    wszystkie wersje
  • Cisco Isa 3000 Firmware

    OS
    Cisco
    < 9.18.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-20412CRITICAL9.3PL ✓ten sam produkt

Cisco FTD: statyczne konta z zakodowanymi hasłami umożliwiają nieautoryzowany dostęp

CVE-2020-3125CRITICAL9.8ten sam produkt

A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software cou...

CVE-2020-3187CRITICAL9.1ten sam produkt

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Fi...

CVE-2018-0310CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...

CVE-2020-3452HIGH7.5⚠ KEVten sam produkt

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Fi...