CVE-2022-20826Trust Boundary Violation in Cisco Adaptive Security Appliance Software

CWE-501Trust Boundary Violation4 documents4 sources
Severity
6.8MEDIUMNVD
CNA6.4
EPSS
0.4%
top 39.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software+1 more
Timeline
PublishedNov 15
Latest updateNov 16

Description

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the b

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5cisco/cisco_firepower_threat_defense_software7.1.0, 7.2.0, 7.2.0.1+2
NVDcisco/firepower_threat_defense7.1.0.0, 7.2.0.0, 7.2.0.1+2

🔴Vulnerability Details

2
GHSA
GHSA-wpmq-hr5x-r7wq: A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Softw2022-11-16
CVEList
CVE-2022-20826: A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Softw2022-11-10

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability2022-11-09
CVE-2022-20826 — Trust Boundary Violation in Cisco | cvebase