CVE-2022-20829 — Insufficient Verification of Data Authenticity in Cisco Adaptive Security Device Manager

CWE-345 — Insufficient Verification of Data Authenticity4 documents4 sources

Severity

7.2HIGHNVD

CNA9.1

EPSS

4.9%

top 10.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Device Manager Cisco ASA 5512-x Firmware Cisco ASA 5515-x Firmware +3 more

Timeline

PublishedJun 24

Latest updateJun 25

Description

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisc…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages6 packages

▶NVDcisco/adaptive_security_device_manager< 7.18.1.150

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/isa_3000_firmware< 9.18.2

▶NVDcisco/asa_5512-x_firmware< 9.18.2

▶NVDcisco/asa_5515-x_firmware< 9.18.2

🔴Vulnerability Details

GHSA

GHSA-qq3x-ppcw-6fmq: A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security↗2022-06-25

▶

CVEList

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability↗2022-06-24

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability↗2022-06-22

▶