PT-2022-3059 · Cisco · Cisco Firepower Services Software For Asa +1

🗓️ 22 Jun 2022 00:00:00Reported by Positive TechnologiesType

Improper handling of undefined parameters in Cisco FirePOWER ASA allows an admin to execute root commands via CLI or HTTPS.

Reporter	Title	Published	Views	Family All 17
0day.today	Cisco ASA-X With FirePOWER Services Authenticated Command Injection Exploit	5 Sep 202200:00	–	zdt
ATTACKERKB	CVE-2022-20828	22 Jun 202223:00	–	attackerkb
Circl	CVE-2022-20828	24 Jun 202220:31	–	circl
Cisco	Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability	22 Jun 202216:00	–	cisco
CNNVD	Cisco Adaptive Security Appliances Software 安全漏洞	22 Jun 202200:00	–	cnnvd
Check Point Advisories	Cisco Firepower ASA Command Injection (CVE-2022-20828)	7 Nov 202200:00	–	checkpoint_advisories
CVE	CVE-2022-20828	24 Jun 202215:25	–	cve
Cvelist	CVE-2022-20828 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability	24 Jun 202215:25	–	cvelist
Metasploit	Cisco ASA-X with FirePOWER Services Authenticated Command Injection	2 Sep 202219:49	–	metasploit
NVD	CVE-2022-20828	24 Jun 202216:15	–	nvd

Source	Link
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_asax_sfr_rce.rb
rapid7	www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software
packetstormsecurity	www.packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html
bdu	www.bdu.fstec.ru/vul/2022-03729
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-20828
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG
t	www.t.me/cibsecurity/45112
t	www.t.me/cvenotify/35740
t	www.t.me/cvenotify/34726
t	www.t.me/poxek/2443

26 Oct 2022 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 29

CVSS 3.16.5 - 7.2

EPSS0.53036

SSVC