Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability [CVE-2022-20828]

CVE number – CVE-2022-20828

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user.

This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module.

Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

Vulnerable Products

At the time of publication, this vulnerability affected Cisco ASA FirePOWER modules if they were running a vulnerable release of Cisco FirePOWER Software and were configured to block all access to the Linux shell using the system lockdown[-sensor] CLI command.

Note: The attack vector through an HTTPS request is open only if HTTPS management access is enabled on the Cisco ASA that is hosting the ASA FirePOWER module.

At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.

| Cisco FirePOWER Software for ASA FirePOWER Module Release | First Fixed Release for This Vulnerability |
| --- | --- |
| 6.2.2 and earlier¹ | Migrate to a fixed release. |
| 6.2.3 | 6.2.3.19 (Dec 2022) |
| 6.3.0¹ | Migrate to a fixed release. |
| 6.4.0 | 6.4.0.15 |
| 6.5.0¹ | Migrate to a fixed release. |
| 6.6.0 | 6.6.7 (Jun 2022) |
| 6.7.0 | Migrate to a fixed release. |
| 7.0² | 7.0.2.1 (Jul 2022) |
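The release table above can be turned into a version triage check for an inventory of ASA FirePOWER modules. This is an added example, not code from Cisco or from the advisory; the function names, the matching of a release train by its leading version components, and the optional "-build" suffix are assumptions of this sketch. A result of "affected" only means the release is below the first fixed release; the advisory additionally conditions exposure on the lockdown configuration described under Vulnerable Products.

```python
import re

# Rows from the advisory table: (release train, first fixed release).
# None means the advisory says "Migrate to a fixed release."
# Assumption: a train is identified by the leading components shown here.
TABLE = [
    ("6.2.3", "6.2.3.19"),
    ("6.3", None),
    ("6.4", "6.4.0.15"),
    ("6.5", None),
    ("6.6", "6.6.7"),
    ("6.7", None),
    ("7.0", "7.0.2.1"),
]

def parse(version):
    """Parse '6.4.0.12' or '6.6.5-81' (build suffix ignored) into a 4-tuple."""
    m = re.fullmatch(r"(\d+(?:\.\d+){1,3})(?:-\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version):
    """Return (status, first_fixed) for one module software version."""
    v = parse(version)
    # Table row "6.2.2 and earlier": no fix in train, migrate.
    if v[:3] <= (6, 2, 2):
        return ("migrate", None)
    for train, fixed in TABLE:
        prefix = tuple(int(p) for p in train.split("."))
        if v[:len(prefix)] == prefix:
            if fixed is None:
                return ("migrate", None)
            status = "affected" if v < parse(fixed) else "fixed"
            return (status, fixed)
    # Release not covered by the advisory table; make no claim about it.
    return ("not-listed", None)

if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for ver in ["6.2.2.5", "6.2.3.18", "6.4.0.15", "6.6.5-81", "7.0.2"]:
        print(ver, triage(ver))
```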

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
