SB2022042739 - Multiple vulnerabilities in Cisco ASA and Cisco FTD
Published: April 27, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Incorrect Privilege Assignment (CVE-ID: CVE-2022-20759)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper separation of authentication and authorization scopes in the web services interface for remote access VPN feature. A remote authenticated user can send specially crafted HTTP requests to gain privilege level 15 access to the web management interface of the device
2) Missing Required Cryptographic Step (CVE-ID: CVE-2022-20742)
The vulnerability allows a remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel.
The vulnerability exists due to improper implementation of Galois/Counter Mode (GCM) ciphers in an IPsec VPN library. A remote attacker can perform MitM attack by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption.
3) Resource exhaustion (CVE-ID: CVE-2022-20760)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in the DNS inspection handler. A remote attacker can send specially crafted DNS requests to the affected device, trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2022-20745)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the web services interface for remote access VPN feature. A remote attacker can send specially crafted HTTP requests to the device and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz92016
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz81480
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz76966
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz70595