CVE-2022-20828

First published: Fri Jun 24 2022(Updated: )

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• vendor/cisco
• canonical/cisco asa firepower
• version/cisco asa firepower/6.3.0
• version/cisco asa firepower/6.5.0
• version/cisco asa firepower/6.7.0
• canonical/cisco firepower 1010
• canonical/cisco firepower 1120
• canonical/cisco firepower 1140
• canonical/cisco firepower 1150
• canonical/cisco firepower 2110
• canonical/cisco firepower 2120
• canonical/cisco firepower 2130
• canonical/cisco firepower 2140
• canonical/cisco firepower 4110
• canonical/cisco firepower 4112
• canonical/cisco firepower 4115
• canonical/cisco firepower 4120
• canonical/cisco firepower 4125
• canonical/cisco firepower 4140
• canonical/cisco firepower 4145
• canonical/cisco firepower 4150
• canonical/cisco firepower 9300
• canonical/cisco firepower management center
• canonical/cisco firepower management center virtual appliance