CVE-2022-20829

CVE	CVE-2022-20829
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-06-24 16:15:00 UTC
Updated	2023-11-07 03:43:00 UTC
Description	A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability.

Problem Types: CWE-345

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cisco	Adaptive Security Device Manager	All	All	All	All
Hardware	Cisco	Asa 5512-x	-	All	All	All
Operating System	Cisco	Asa 5512-x Firmware	All	All	All	All
Hardware	Cisco	Asa 5515-x	-	All	All	All
Operating System	Cisco	Asa 5515-x Firmware	All	All	All	All
Hardware	Cisco	Asa 5585-x	-	All	All	All
Operating System	Cisco	Asa 5585-x Firmware	All	All	All	All
Hardware	Cisco	Firepower 1010	-	All	All	All
Hardware	Cisco	Firepower 1120	-	All	All	All
Hardware	Cisco	Firepower 1140	-	All	All	All
Hardware	Cisco	Firepower 1150	-	All	All	All
Hardware	Cisco	Firepower 2110	-	All	All	All
Hardware	Cisco	Firepower 2120	-	All	All	All
Hardware	Cisco	Firepower 2130	-	All	All	All
Hardware	Cisco	Firepower 2140	-	All	All	All
Hardware	Cisco	Firepower 4110	-	All	All	All
Hardware	Cisco	Firepower 4112	-	All	All	All
Hardware	Cisco	Firepower 4115	-	All	All	All
Hardware	Cisco	Firepower 4120	-	All	All	All
Hardware	Cisco	Firepower 4125	-	All	All	All
Hardware	Cisco	Firepower 4140	-	All	All	All
Hardware	Cisco	Firepower 4145	-	All	All	All
Hardware	Cisco	Firepower 9300	-	All	All	All
Hardware	Cisco	Isa 3000	-	All	All	All
Operating System	Cisco	Isa 3000 Firmware	All	All	All	All

Reference	Source	Link	Tags
GitHub - jbaines-r7/theway: A tool for extracting, modifying, and crafting ASDM binary packages (CVE-2022-20829)	MISC	github.com
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER \| Rapid7 Blog	MISC	www.rapid7.com
20220622 Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability	CISCO	tools.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

317201 Cisco Adaptive Security Device Manager (ASDM) and Adaptive Security Appliance (ASA) Software Client-side Arbitrary Code Execution Vulnerability (cisco-sa-asa-asdm-sig-NPKvwDjm)