Vulnerability identifier: #VU69198

Vulnerability risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20826

CWE-ID: N/A

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware applicances
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances
Secure Firewall 3100
Server applications / Server solutions for antivurus protection

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to a logic error in the boot process. An attacker with physical access can execute persistent code at boot time and break the chain of trust.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): 9.17 - 9.18

Cisco Firepower Threat Defense (FTD): 7.1.0, 7.2.0

Secure Firewall 3100: All versions

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fw3100-secure-boot-5M8mUh26

---

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.