CVE-2022-20829

{"id": "CVE-2022-20829", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2022-06-24T16:15:08.580", "references": [{"url": "https://github.com/jbaines-r7/theway", "tags": ["Exploit", "Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/", "tags": ["Exploit", "Third Party Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en el empaquetado de las im\u00e1genes de Cisco Adaptive Security Device Manager (ASDM) y en la comprobaci\u00f3n de dichas im\u00e1genes por parte del software Cisco Adaptive Security Appliance (ASA) podr\u00eda permitir a un atacante remoto autenticado con privilegios administrativos cargar una imagen ASDM que contenga c\u00f3digo malicioso en un dispositivo que est\u00e9 ejecutando el software Cisco ASA. Esta vulnerabilidad es debido a que noes comprobada suficientemente la autenticidad de una imagen ASDM durante su instalaci\u00f3n en un dispositivo que ejecuta el software Cisco ASA. Un atacante podr\u00eda explotar esta vulnerabilidad al instalar una imagen ASDM dise\u00f1ada en el dispositivo que est\u00e1 ejecutando el software Cisco ASA y luego esperar a que un usuario objetivo acceda a ese dispositivo utilizando ASDM. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en la m\u00e1quina del usuario objetivo con los privilegios de ese usuario en esa m\u00e1quina. Notas: Para explotar con \u00e9xito esta vulnerabilidad, el atacante debe tener privilegios administrativos en el dispositivo que est\u00e1 ejecutando el software Cisco ASA. Los objetivos potenciales son limitados a usuarios que administran el mismo dispositivo que ejecuta el software Cisco ASA mediante ASDM. Cisco ha publicado y publicar\u00e1 actualizaciones de software que abordan esta vulnerabilidad"}], "lastModified": "2023-11-07T03:43:04.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:isa_3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFF5B583-E8C2-4721-9E5A-9897F921EECB", "versionEndExcluding": "9.18.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9510E97A-FD78-43C6-85BC-223001ACA264"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8718682-6134-4060-956C-6E9D7DF7AE3E", "versionEndExcluding": "9.18.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0240213-56B7-4FFF-BC62-99BC4C39C6A0", "versionEndExcluding": "9.18.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AFD8494-2320-4529-BA39-4F39EABCD2DE", "versionEndExcluding": "9.18.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_device_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E75EA8EE-B926-44B5-93F3-ED8CCDFECAE9", "versionEndExcluding": "7.18.1.150"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7"}, {"criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F"}, {"criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B"}, {"criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99"}, {"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72"}, {"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F"}, {"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"}, {"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140"}, {"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F"}, {"criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1"}, {"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE"}, {"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46"}, {"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F"}, {"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4"}, {"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24"}, {"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}