
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2022-20826) was discovered in the secure boot implementation of Cisco Secure Firewalls 3100 Series running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software. The vulnerability was first published on November 9, 2022, and affects devices running ASA Software Release 9.17/9.18 and FTD Software Release 7.1/7.2 with vulnerable firmware bundle versions (Cisco Advisory).
The vulnerability stems from a logic error in the boot process, allowing bypass of secure boot functionality. It has been assigned a CVSS base score of 6.8 (Medium) with the vector CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-501 (Trust Boundary Violation). The issue specifically affects firmware bundle versions earlier than 1.0.22 in ASA Software Release 9.17 and FTD Software Release 7.1, and versions earlier than 1.2.17 in ASA Software Release 9.18 and FTD Software Release 7.2 (Cisco Advisory).
Successful exploitation of this vulnerability could allow an attacker to execute persistent code at boot time and break the chain of trust. This compromises the secure boot functionality of the affected devices, potentially leading to persistent unauthorized code execution during the device boot process (Cisco Advisory).
Cisco has released software updates that address this vulnerability. For ASA Software, the fix is included in versions 9.17.1.15 and 9.18.2. For FTD Software, the fix is available in versions 7.1.0.2 and 7.2.1. There are no workarounds available for this vulnerability. Once the firmware bundle is upgraded to a fixed version, it will remain fixed even if the software is downgraded (Cisco Advisory).
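Because a fixed firmware bundle stays fixed even after a software downgrade, exposure is best judged from the bundle version rather than the software release. The following inventory check is an added example, not code from Cisco or from this database; the bundle thresholds come from the text above, while the CSV layout, host names and status labels are assumptions constructed for illustration.

```python
import csv
import io

# Fixed firmware bundle per product and software train, as stated in the text above.
FIXED_BUNDLE = {
    ("ASA", "9.17"): (1, 0, 22),
    ("FTD", "7.1"): (1, 0, 22),
    ("ASA", "9.18"): (1, 2, 17),
    ("FTD", "7.2"): (1, 2, 17),
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,software,bundle
fw-a,ASA,9.17.1,1.0.9
fw-b,FTD,7.2.0,1.2.17
fw-c,ASA,9.17.1,1.0.22
fw-d,ASA,9.19.1,1.3.0
fw-e,FTD,7.1.0,unknown
"""

def parse_version(text):
    """Turn '1.0.22' into (1, 0, 22) so 1.0.9 sorts before 1.0.22."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, software, bundle):
    """Classify one device by its firmware bundle, not its software release."""
    train = ".".join(software.strip().split(".")[:2])
    fixed = FIXED_BUNDLE.get((product.strip().upper(), train))
    if fixed is None:
        return "train-not-listed"  # release train not named in the text above
    try:
        current = parse_version(bundle)
    except ValueError:
        return "needs-manual-check"  # bundle version missing or unparseable
    return "vulnerable" if current < fixed else "fixed"

def triage(inventory_csv):
    """Map each host in the CSV inventory to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: assess(r["product"], r["software"], r["bundle"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

In the sample, fw-c runs a software release older than 9.17.1.15 but carries bundle 1.0.22, so it is reported as fixed, while fw-a shows why versions are compared numerically: 1.0.9 is earlier than 1.0.22 even though it sorts later as a string.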
Source: This report was generated using AI