SB2022062235 - Privilege escalation in Cisco FirePOWER Software for ASA FirePOWER Module
Published: June 22, 2022 Updated: September 5, 2022
Security Bulletin ID
SB2022062235
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) OS Command Injection (CVE-ID: CVE-2022-20828)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module. A local user can pass specially crafted parameters to the affected CLI command and execute arbitrary commands on the system with root privileges.
Remediation
Install update from vendor's website.