SB2022042739 - Multiple vulnerabilities in Cisco ASA and Cisco FTD
Published: April 27, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Incorrect Privilege Assignment (CVE-ID: CVE-2022-20759)
CWE-ID: CWE-266 - Incorrect Privilege Assignment
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper separation of authentication and authorization scopes in the web services interface for remote access VPN feature. A remote authenticated user can send specially crafted HTTP requests to gain privilege level 15 access to the web management interface of the device
2) Missing Required Cryptographic Step (CVE-ID: CVE-2022-20742)
CWE-ID: CWE-325 - Missing Required Cryptographic Step
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel.
The vulnerability exists due to improper implementation of Galois/Counter Mode (GCM) ciphers in an IPsec VPN library. A remote attacker can perform MitM attack by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption.
3) Resource exhaustion (CVE-ID: CVE-2022-20760)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in the DNS inspection handler. A remote attacker can send specially crafted DNS requests to the affected device, trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2022-20745)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the web services interface for remote access VPN feature. A remote attacker can send specially crafted HTTP requests to the device and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz92016
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz81480
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz76966
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz70595