Trust Boundary Violation in Cisco Systems, Inc products - CVE-2022-20826
Published: November 10, 2022
Vulnerability identifier: #VU69198
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20826
CWE-ID:
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Adaptive Security Appliance (ASA)
Cisco Firewall Threat Defense (FTD)
Secure Firewall 3100
Cisco Adaptive Security Appliance (ASA)
Cisco Firewall Threat Defense (FTD)
Secure Firewall 3100
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a logic error in the boot process. An attacker with physical access can execute persistent code at boot time and break the chain of trust.
How to mitigate CVE-2022-20826
Install updates from vendor's website.