QID 317202

QID 317202: Cisco Firepower Software for ASA Firepower Module Command Injection Vulnerability (cisco-sa-asasfr-cmd-inject-PE4GfdG)

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user.

Affected Products
Prior to 6.2.3.19
6.3.0 to 6.4.0.15
6.5.0 to 6.6.7
6.7.0 to 7.0.2.1

An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module.

CVSS V3 rated as High - 6.5 severity.

CVSS V2 rated as High - 7.7 severity.

Solution

Customers are advised to refer to cisco-sa-ftd-sidns-bypass-3PzA5pO for more information.

Vendor References

cisco-sa-asasfr-cmd-inject-PE4GfdG - tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG

CVEs related to QID 317202

CVE-2022-20828 |

Software Advisories

Advisory ID	Software	Component	Link
cisco-sa-asasfr-cmd-inject-PE4GfdG			tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].