Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-20759
CVE-2022-20759:
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation
Overview
A vulnerability (CVE-2022-20759) was discovered in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability, disclosed on April 27, 2022, allows an authenticated but unprivileged remote attacker to elevate privileges to level 15. This security flaw affects systems running vulnerable releases of Cisco ASA Software or Cisco FTD Software with either HTTPS Management Access and IKEv2 Client Services enabled, or HTTPS Management Access and WebVPN enabled on at least one interface (Cisco Advisory).
Technical details
The vulnerability stems from improper separation of authentication and authorization scopes in the affected systems. An attacker can exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. The vulnerability has been assigned a CVSS base score of 8.8 (High) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (NVD).
Impact
A successful exploit allows an attacker to gain privilege level 15 access to the web management interface of the device, including access through management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). However, for Cisco FTD Software, the impact is lower than the CVSS score suggests as the affected web management interface allows for read access only (Cisco Advisory).
Mitigation and workarounds
Cisco has released software updates that address this vulnerability. There are no workarounds available. For ASA Software, fixed versions include 9.8.4.43, 9.12.4.38, 9.14.4, 9.15.1.21, 9.16.2.13, and 9.17.1.7. For FTD Software, fixed versions include 6.4.0.15, 6.6.5.2, 7.0.2, and 7.1.0.1. Users of versions 9.7 and earlier, as well as 9.9, 9.10, and 9.13, are advised to migrate to a supported release that includes the fix (Cisco Advisory).
Additional resources
Source: This report was generated using AI
Related Cisco Adaptive Security Appliance (ASA) vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management